Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Malware on my laptop


  • Please log in to reply

#1
debbiemack

debbiemack

    New Member

  • Member
  • Pip
  • 4 posts

Hi, I think I have malware on my Asus laptop.  Using Windows 8, 64 bit, Kaspersky Internet Security.  Redirecting to unwanted pages for ads.

 

Please find required attachments:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-11-2015
Ran by User (administrator) on DEFAULT-PC (01-12-2015 19:56:00)
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(The Privoxy team - www.privoxy.org) C:\Program Files (x86)\IT Viewer\privoxy.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Clarus, Inc.) C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Clarus, Inc.) C:\Program Files (x86)\Clarus\Samsung Drive Manager\Drive Manager.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avpui.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Clarus, Inc.) C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvMon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnSrv.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnWMI.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Farbar) C:\Users\User\Downloads\FRST64(2).exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-07-27] (Samsung Electronics Co., Ltd.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-4280450626-1930446922-540388392-1001\...\Run: [Playthru Player] => C:\Program Files (x86)\PlaythruPlayer\PlaythruPlayer.exe [412080 2015-08-05] (Playthru Player)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileSyncShell64.dll [2015-11-01] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileSyncShell64.dll [2015-11-01] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileSyncShell64.dll [2015-11-01] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileSyncShell.dll [2015-11-01] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileSyncShell.dll [2015-11-01] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileSyncShell.dll [2015-11-01] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Drive Manager Real-Time.lnk [2015-11-01]
ShortcutTarget: Samsung Drive Manager Real-Time.lnk -> C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe (Clarus, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{13F90941-AB00-490E-A410-6A79564452C0}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4280450626-1930446922-540388392-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKU\S-1-5-21-4280450626-1930446922-540388392-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
SearchScopes: HKU\S-1-5-21-4280450626-1930446922-540388392-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4280450626-1930446922-540388392-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-11-10] (AO Kaspersky Lab)
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2015-11-10] (AO Kaspersky Lab)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-11-10] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2015-11-10] (AO Kaspersky Lab)

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\30hyqpg7.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-11] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-11] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-09] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-13] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-10-01] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\30hyqpg7.default\searchplugins\facebook-search.xml [2015-11-07]
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\30hyqpg7.default\searchplugins\McSiteAdvisor.xml [2015-11-10]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\30hyqpg7.default\extensions\[email protected] [2015-11-02]
FF Extension: No Name - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [not found]
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox [2015-11-10] [not signed]
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox [2015-11-10] [not signed]
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox [2015-11-10] [not signed]
FF Extension: Facebook™ Disconnect - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\30hyqpg7.default\Extensions\[email protected] [2015-11-01]
FF Extension: Privacy Settings - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\30hyqpg7.default\Extensions\[email protected] [2015-11-13]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-08] (Apple Inc.)
R3 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-08-30] (ASUS)
R3 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [File not signed]
R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe [194000 2015-11-10] (Kaspersky Lab ZAO)
R3 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-28] (Intel Corporation)
R3 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-26] (Intel Corporation)
R2 PrivoxyService; C:\Program Files (x86)\IT Viewer\privoxy.exe [371200 2015-11-29] (The Privoxy team - www.privoxy.org) [File not signed] <==== ATTENTION
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1045376 2015-12-01] (Enigma Software Group USA, LLC.)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
R2 SZDrvSvc; C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe [18432 2015-08-20] (Clarus, Inc.) [File not signed]
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-11-01] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-11-01] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [70928 2013-12-13] (ASUS Corporation)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2015-12-01] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-12-01] ()
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70512 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [68280 2015-06-06] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [30328 2015-06-24] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [181640 2015-11-10] (AO Kaspersky Lab)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [227512 2015-11-10] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [925064 2015-11-10] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [39608 2015-06-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [41656 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2015-11-10] (AO Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [87944 2015-11-10] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [102584 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
R3 mdf16; C:\Program Files (x86)\Clarus\Samsung Drive Manager\mdf16.sys [20400 2012-06-22] ()
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [82072 2015-08-11] (McAfee, Inc.)
R3 mvd23; C:\Program Files (x86)\Clarus\Samsung Drive Manager\mvd23.sys [99248 2012-06-22] ()
S3 SPPD; C:\WINDOWS\system32\drivers\SPPD.sys [22512 2015-11-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-11-01] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-11-01] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-11-01] (Microsoft Corporation)
U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-01 19:35 - 2015-12-01 19:35 - 00001413 _____ C:\Users\User\Desktop\FRST64(2).exe - Shortcut.lnk
2015-12-01 19:34 - 2015-12-01 19:34 - 02350080 _____ (Farbar) C:\Users\User\Downloads\FRST64(2).exe
2015-12-01 19:14 - 2015-12-01 19:14 - 00024636 _____ C:\Users\User\Downloads\aswMBR.txt
2015-12-01 19:14 - 2015-12-01 19:14 - 00000512 _____ C:\Users\User\Downloads\MBR.dat
2015-12-01 19:11 - 2015-12-01 19:11 - 05200384 _____ (AVAST Software) C:\Users\User\Downloads\aswmbr(1).exe
2015-12-01 19:09 - 2015-12-01 19:09 - 05200384 _____ (AVAST Software) C:\Users\User\Downloads\aswmbr.exe
2015-12-01 19:02 - 2015-12-01 19:41 - 00026215 _____ C:\Users\User\Downloads\Addition.txt
2015-12-01 19:00 - 2015-12-01 19:56 - 00017219 _____ C:\Users\User\Downloads\FRST.txt
2015-12-01 18:59 - 2015-12-01 19:56 - 00000000 ____D C:\FRST
2015-12-01 18:59 - 2015-12-01 18:59 - 02350080 _____ (Farbar) C:\Users\User\Downloads\FRST64(1).exe
2015-12-01 18:57 - 2015-12-01 18:57 - 02350080 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2015-12-01 18:11 - 2015-12-01 18:11 - 00000000 ____D C:\Users\User\AppData\Roaming\Enigma Software Group
2015-12-01 18:11 - 2015-12-01 18:11 - 00000000 _____ C:\autoexec.bat
2015-12-01 18:10 - 2015-12-01 18:11 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2015-12-01 18:10 - 2015-12-01 18:10 - 00022704 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
2015-12-01 18:10 - 2015-12-01 18:10 - 00003326 _____ C:\WINDOWS\System32\Tasks\SpyHunter4Startup
2015-12-01 18:10 - 2015-12-01 18:10 - 00001105 _____ C:\Users\User\Desktop\SpyHunter.lnk
2015-12-01 18:10 - 2015-12-01 18:10 - 00000000 ____D C:\sh4ldr
2015-12-01 18:10 - 2015-12-01 18:10 - 00000000 ____D C:\Program Files\Enigma Software Group
2015-12-01 18:09 - 2015-12-01 18:09 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\User\Downloads\SpyHunter-Installer.exe
2015-12-01 17:02 - 2015-12-01 17:03 - 00003815 _____ C:\WINDOWS\Green Valley Fun on the Farm Uninstall Log.txt
2015-12-01 13:32 - 2015-12-01 13:32 - 00000000 ____D C:\Users\User\AppData\Local\Clarus
2015-11-30 19:33 - 2015-11-30 19:33 - 00000000 ____D C:\Users\User\AppData\LocalLow\uTorrent
2015-11-29 20:50 - 2015-11-30 19:12 - 00000000 ____D C:\Users\User\AppData\Roaming\Better Updater
2015-11-29 20:50 - 2015-11-29 21:09 - 00000000 ____D C:\Program Files (x86)\IT Viewer
2015-11-29 14:55 - 2015-11-29 14:56 - 55412736 _____ C:\Users\User\Downloads\FontPack1500720033_XtdAlf_Lang_DC.msi
2015-11-29 14:54 - 2015-11-29 14:54 - 00083441 _____ C:\Users\User\Downloads\Richard Henry McKavanagh(1).pdf
2015-11-29 14:48 - 2015-11-29 14:49 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-29 14:48 - 2015-11-29 14:48 - 00002069 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-11-28 19:10 - 2015-11-28 19:10 - 00000000 ____D C:\ProgramData\Intenium
2015-11-28 19:09 - 2015-11-28 19:09 - 00009027 _____ C:\WINDOWS\Green Valley Fun on the Farm Setup Log.txt
2015-11-28 19:09 - 2015-11-28 19:09 - 00000000 ____D C:\WINDOWS\Green Valley Fun on the Farm
2015-11-27 21:05 - 2015-11-27 21:05 - 00000000 ____D C:\Users\User\AppData\Roaming\8floor
2015-11-26 21:21 - 2015-11-26 21:21 - 00000000 ____D C:\Users\User\AppData\Roaming\BlamGames
2015-11-24 20:56 - 2015-11-24 20:56 - 00000000 ____D C:\Users\User\AppData\Roaming\Eipix
2015-11-24 18:09 - 2015-11-24 18:10 - 01426493 _____ C:\Users\User\Downloads\What is Paleo
2015-11-23 23:10 - 2015-11-23 23:10 - 00000000 ____D C:\ProgramData\Clarus
2015-11-23 21:06 - 2015-11-23 21:06 - 00000000 ____D C:\Users\User\AppData\Roaming\ERS G-Studio
2015-11-21 19:22 - 2015-11-21 19:22 - 00000000 ____D C:\Users\User\AppData\Roaming\Casual Arts
2015-11-21 19:20 - 2015-12-01 17:06 - 00000000 ____D C:\Program Files (x86)\Vacation Adventures - Cruise Director 2
2015-11-19 19:44 - 2015-11-19 19:44 - 00000000 ____D C:\Users\User\AppData\Local\Namco
2015-11-19 19:40 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_7.dll
2015-11-19 19:40 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_7.dll
2015-11-19 19:40 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll
2015-11-19 19:40 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_43.dll
2015-11-19 19:40 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll
2015-11-19 19:40 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_43.dll
2015-11-19 19:40 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll
2015-11-19 19:40 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_43.dll
2015-11-19 19:40 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_6.dll
2015-11-19 19:40 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_6.dll
2015-11-19 19:40 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_6.dll
2015-11-19 19:40 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_6.dll
2015-11-19 19:40 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_4.dll
2015-11-19 19:40 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_4.dll
2015-11-19 19:40 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_7.dll
2015-11-19 19:40 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_7.dll
2015-11-19 19:40 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_5.dll
2015-11-19 19:40 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_5.dll
2015-11-19 19:40 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_5.dll
2015-11-19 19:40 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_5.dll
2015-11-19 19:40 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_3.dll
2015-11-19 19:40 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_3.dll
2015-11-19 19:40 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_42.dll
2015-11-19 19:40 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_42.dll
2015-11-19 19:40 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_42.dll
2015-11-19 19:40 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_42.dll
2015-11-19 19:40 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_42.dll
2015-11-19 19:40 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_42.dll
2015-11-19 19:40 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_42.dll
2015-11-19 19:40 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_42.dll
2015-11-19 19:40 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_4.dll
2015-11-19 19:40 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_4.dll
2015-11-19 19:40 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_4.dll
2015-11-19 19:40 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_4.dll
2015-11-19 19:40 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_6.dll
2015-11-19 19:40 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_6.dll
2015-11-19 19:40 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_41.dll
2015-11-19 19:40 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_41.dll
2015-11-19 19:40 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_41.dll
2015-11-19 19:40 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_41.dll
2015-11-19 19:40 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_3.dll
2015-11-19 19:40 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_3.dll
2015-11-19 19:40 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_3.dll
2015-11-19 19:40 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_3.dll
2015-11-19 19:40 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_2.dll
2015-11-19 19:40 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_2.dll
2015-11-19 19:40 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_5.dll
2015-11-19 19:40 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_5.dll
2015-11-19 19:40 - 2008-10-10 04:52 - 05631312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_40.dll
2015-11-19 19:40 - 2008-10-10 04:52 - 04379984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_40.dll
2015-11-19 19:40 - 2008-10-10 04:52 - 02605920 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_40.dll
2015-11-19 19:40 - 2008-10-10 04:52 - 02036576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_40.dll
2015-11-19 19:40 - 2008-10-10 04:52 - 00519000 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_40.dll
2015-11-19 19:40 - 2008-10-10 04:52 - 00452440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_40.dll
2015-11-19 19:40 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_2.dll
2015-11-19 19:40 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_2.dll
2015-11-19 19:40 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_1.dll
2015-11-19 19:40 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_1.dll
2015-11-19 19:40 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_2.dll
2015-11-19 19:40 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_2.dll
2015-11-19 19:40 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll
2015-11-19 19:40 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_39.dll
2015-11-19 19:40 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll
2015-11-19 19:40 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_39.dll
2015-11-19 19:40 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll
2015-11-19 19:40 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_39.dll
2015-11-19 19:40 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_1.dll
2015-11-19 19:40 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_1.dll
2015-11-19 19:40 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_1.dll
2015-11-19 19:40 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_1.dll
2015-11-19 19:40 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_0.dll
2015-11-19 19:40 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_0.dll
2015-11-19 19:40 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_4.dll
2015-11-19 19:40 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_4.dll
2015-11-19 19:40 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_38.dll
2015-11-19 19:40 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_38.dll
2015-11-19 19:40 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_38.dll
2015-11-19 19:40 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_38.dll
2015-11-19 19:40 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_38.dll
2015-11-19 19:40 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_38.dll
2015-11-19 19:40 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_0.dll
2015-11-19 19:40 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_0.dll
2015-11-19 19:40 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_0.dll
2015-11-19 19:40 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_0.dll
2015-11-19 19:40 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_3.dll
2015-11-19 19:40 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_3.dll
2015-11-19 19:40 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_37.dll
2015-11-19 19:40 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_37.dll
2015-11-19 19:40 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_37.dll
2015-11-19 19:40 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_37.dll
2015-11-19 19:40 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_37.dll
2015-11-19 19:40 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_37.dll
2015-11-19 19:40 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_10.dll
2015-11-19 19:40 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_10.dll
2015-11-19 19:40 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_2.dll
2015-11-19 19:40 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_2.dll
2015-11-19 19:40 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_36.dll
2015-11-19 19:40 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_36.dll
2015-11-19 19:40 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_36.dll
2015-11-19 19:40 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_36.dll
2015-11-19 19:40 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_36.dll
2015-11-19 19:40 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_36.dll
2015-11-19 19:40 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_9.dll
2015-11-19 19:40 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_9.dll
2015-11-19 19:40 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_35.dll
2015-11-19 19:40 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_35.dll
2015-11-19 19:40 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_35.dll
2015-11-19 19:40 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_35.dll
2015-11-19 19:40 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_35.dll
2015-11-19 19:40 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_35.dll
2015-11-19 19:40 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_8.dll
2015-11-19 19:40 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_8.dll
2015-11-19 19:40 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_34.dll
2015-11-19 19:40 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_34.dll
2015-11-19 19:40 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_34.dll
2015-11-19 19:40 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_34.dll
2015-11-19 19:40 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_34.dll
2015-11-19 19:40 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_34.dll
2015-11-19 19:40 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_7.dll
2015-11-19 19:40 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_7.dll
2015-11-19 19:40 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_3.dll
2015-11-19 19:40 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_3.dll
2015-11-19 19:40 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_33.dll
2015-11-19 19:40 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_33.dll
2015-11-19 19:40 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_33.dll
2015-11-19 19:40 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_33.dll
2015-11-19 19:40 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_33.dll
2015-11-19 19:40 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_33.dll
2015-11-19 19:40 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_1.dll
2015-11-19 19:40 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_1.dll
2015-11-19 19:40 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_6.dll
2015-11-19 19:40 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_6.dll
2015-11-19 19:40 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_5.dll
2015-11-19 19:40 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_5.dll
2015-11-19 19:40 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10.dll
2015-11-19 19:40 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10.dll
2015-11-19 19:40 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_31.dll
2015-11-19 19:40 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_31.dll
2015-11-19 19:40 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_4.dll
2015-11-19 19:40 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_4.dll
2015-11-19 19:40 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_2.dll
2015-11-19 19:40 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_3.dll
2015-11-19 19:40 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_3.dll
2015-11-19 19:40 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_2.dll
2015-11-19 19:40 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_2.dll
2015-11-19 19:40 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_2.dll
2015-11-19 19:40 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_30.dll
2015-11-19 19:40 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_30.dll
2015-11-19 19:40 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_1.dll
2015-11-19 19:40 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_1.dll
2015-11-19 19:40 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_1.dll
2015-11-19 19:40 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_1.dll
2015-11-19 19:40 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_29.dll
2015-11-19 19:40 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_29.dll
2015-11-19 19:40 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_0.dll
2015-11-19 19:40 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_0.dll
2015-11-19 19:40 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_0.dll
2015-11-19 19:40 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_0.dll
2015-11-19 19:40 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_28.dll
2015-11-19 19:40 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_28.dll
2015-11-19 19:39 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_27.dll
2015-11-19 19:39 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_27.dll
2015-11-19 19:39 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_26.dll
2015-11-19 19:39 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_26.dll
2015-11-19 19:39 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_25.dll
2015-11-19 19:39 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_25.dll
2015-11-19 19:39 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_24.dll
2015-11-19 19:39 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_24.dll
2015-11-19 19:35 - 2015-11-19 19:41 - 00000000 ____D C:\WINDOWS\SysWOW64\directx
2015-11-16 22:16 - 2015-11-16 22:28 - 00000000 ____D C:\Users\User\Documents\Audiobooks
2015-11-16 19:50 - 2015-11-16 19:50 - 00000000 ____D C:\ProgramData\ZombieJewel
2015-11-16 13:08 - 2015-11-16 13:09 - 00003294 _____ C:\WINDOWS\BRPARAM.INI
2015-11-16 13:08 - 2015-11-16 13:08 - 00000000 ____D C:\ProgramData\Brother
2015-11-16 13:05 - 2015-11-16 13:09 - 00000000 ____D C:\Users\User\Documents\Fax
2015-11-16 13:05 - 2015-11-16 13:05 - 00000000 ___RD C:\Users\User\Documents\Scanned Documents
2015-11-16 12:56 - 2015-11-16 12:56 - 00204309 _____ C:\Users\User\Downloads\order-44441.pdf
2015-11-15 21:20 - 2015-11-15 21:20 - 00000000 ____D C:\Users\User\AppData\Local\JollyBear
2015-11-15 21:20 - 2015-11-15 21:20 - 00000000 ____D C:\ProgramData\JollyBear
2015-11-14 19:43 - 2015-11-14 19:43 - 00321718 _____ C:\Users\User\Downloads\Gordon Roy Spencer 1951.pdf
2015-11-14 19:42 - 2015-11-14 19:42 - 00315917 _____ C:\Users\User\Downloads\document(15).pdf
2015-11-13 20:18 - 2015-11-13 20:18 - 00000000 ____D C:\Users\User\AppData\Roaming\HomeMakeover
2015-11-13 19:17 - 2015-11-13 19:17 - 00000000 ____D C:\Users\User\AppData\Local\fantasy_mosaics_10
2015-11-13 12:40 - 2015-11-13 12:40 - 00020367 _____ C:\Users\User\Downloads\12689_20151108.pdf
2015-11-12 23:45 - 2015-11-12 23:45 - 00161618 _____ C:\Users\User\Downloads\Obituary Mr WHF Zimmermann 2 Dec 1932.pdf
2015-11-12 23:44 - 2015-11-12 23:45 - 00156045 _____ C:\Users\User\Downloads\document(14).pdf
2015-11-12 23:34 - 2015-11-12 23:34 - 00083441 _____ C:\Users\User\Downloads\Richard Henry McKavanagh.pdf
2015-11-12 23:33 - 2015-11-12 23:33 - 00079367 _____ C:\Users\User\Downloads\document(13).pdf
2015-11-12 23:21 - 2015-11-12 23:21 - 00541853 _____ C:\Users\User\Downloads\John Francis McKavanagh man freed on murder charge 7 July 1947.pdf
2015-11-12 23:21 - 2015-11-12 23:21 - 00536251 _____ C:\Users\User\Downloads\document(12).pdf
2015-11-12 23:09 - 2015-11-12 23:09 - 00955254 _____ C:\Users\User\Downloads\John Francis McKavanagh 2 June 1947 murder trial.pdf
2015-11-12 23:08 - 2015-11-12 23:08 - 00949483 _____ C:\Users\User\Downloads\document(11).pdf
2015-11-12 22:47 - 2015-11-12 22:47 - 00041789 _____ C:\Users\User\Downloads\Thomas McKavanagh death 1897.pdf
2015-11-12 22:47 - 2015-11-12 22:47 - 00037376 _____ C:\Users\User\Downloads\document(10).pdf
2015-11-12 22:43 - 2015-11-12 22:43 - 00203265 _____ C:\Users\User\Downloads\John Francis McKavanagh man charged with murder.pdf
2015-11-12 22:42 - 2015-11-12 22:42 - 00197668 _____ C:\Users\User\Downloads\document(9).pdf
2015-11-12 22:36 - 2015-11-12 22:36 - 00141549 _____ C:\Users\User\Downloads\John Patrick McKavanagh death 1939.pdf
2015-11-12 22:35 - 2015-11-12 22:35 - 00136015 _____ C:\Users\User\Downloads\document(8).pdf
2015-11-12 22:27 - 2015-11-12 22:27 - 00125219 _____ C:\Users\User\Downloads\John Francis McKavanagh 1935 man convicted for nose frature.pdf
2015-11-12 22:26 - 2015-11-12 22:26 - 00119535 _____ C:\Users\User\Downloads\document(7).pdf
2015-11-12 22:18 - 2015-11-12 22:18 - 00067372 _____ C:\Users\User\Downloads\John Patrick McKavanagh accident 1909.pdf
2015-11-12 22:17 - 2015-11-12 22:17 - 00062976 _____ C:\Users\User\Downloads\document(6).pdf
2015-11-12 22:14 - 2015-11-12 22:14 - 00053283 _____ C:\Users\User\Downloads\John Patrick McKavanagh probate.pdf
2015-11-12 22:13 - 2015-11-12 22:13 - 00049216 _____ C:\Users\User\Downloads\document(5).pdf
2015-11-12 22:10 - 2015-11-12 22:10 - 00071612 _____ C:\Users\User\Downloads\John Francis McKavanagh  nose fractured 1935.pdf
2015-11-12 22:10 - 2015-11-12 22:10 - 00067228 _____ C:\Users\User\Downloads\document(4).pdf
2015-11-12 22:03 - 2015-11-12 22:03 - 00178005 _____ C:\Users\User\Downloads\John Francis McKavanagh murder trial.pdf
2015-11-12 22:02 - 2015-11-12 22:02 - 00172287 _____ C:\Users\User\Downloads\document(3).pdf
2015-11-12 21:58 - 2015-11-12 21:58 - 00122224 _____ C:\Users\User\Downloads\John Francis McKavanagh murder.pdf
2015-11-12 21:57 - 2015-11-12 21:57 - 00117808 _____ C:\Users\User\Downloads\document(2).pdf
2015-11-12 21:10 - 2015-11-12 21:10 - 01717948 _____ C:\Users\User\Downloads\John Shuttler Irish death Notice 1953.pdf
2015-11-12 21:09 - 2015-11-12 21:09 - 01711585 _____ C:\Users\User\Downloads\document(1).pdf
2015-11-11 21:06 - 2015-11-11 21:06 - 00654819 _____ C:\Users\User\Downloads\McKavanagh Green Wedding 19 July 1947.pdf
2015-11-11 21:03 - 2015-11-11 21:04 - 55334400 _____ C:\Users\User\Downloads\FontPack11009_XtdAlf_Lang.msi
2015-11-11 21:02 - 2015-11-11 21:02 - 00649113 _____ C:\Users\User\Downloads\document.pdf
2015-11-11 15:39 - 2015-10-21 07:54 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-11-11 15:39 - 2015-10-21 00:53 - 03705856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-11-11 15:39 - 2015-10-21 00:36 - 02243072 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-11-11 15:39 - 2015-10-21 00:35 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-11-11 15:39 - 2015-10-21 00:34 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-11-11 15:39 - 2015-10-21 00:34 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-11-11 15:39 - 2015-10-21 00:34 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-11-11 15:39 - 2015-10-21 00:33 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-11-11 15:39 - 2015-10-21 00:14 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-11-11 15:39 - 2015-10-21 00:13 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-11-11 15:39 - 2015-10-21 00:13 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-11-11 15:39 - 2015-10-21 00:13 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-11-11 15:38 - 2015-10-31 09:46 - 25818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-11-11 15:38 - 2015-10-31 09:25 - 02886656 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-11-11 15:38 - 2015-10-31 09:24 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-11-11 15:38 - 2015-10-31 09:11 - 05990912 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-11-11 15:38 - 2015-10-31 09:11 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-11-11 15:38 - 2015-10-31 08:52 - 20331520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-11-11 15:38 - 2015-10-31 08:47 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-11-11 15:38 - 2015-10-31 08:42 - 02279936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-11-11 15:38 - 2015-10-31 08:39 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-11-11 15:38 - 2015-10-31 08:36 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-11-11 15:38 - 2015-10-31 08:32 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-11-11 15:38 - 2015-10-31 08:31 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-11-11 15:38 - 2015-10-31 08:22 - 14457856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-11-11 15:38 - 2015-10-31 08:17 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-11-11 15:38 - 2015-10-31 08:16 - 04527616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-11-11 15:38 - 2015-10-31 08:14 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-11-11 15:38 - 2015-10-31 08:10 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-11-11 15:38 - 2015-10-31 08:09 - 12854272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-11-11 15:38 - 2015-10-31 08:04 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-11-11 15:38 - 2015-10-31 07:53 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-11-11 15:38 - 2015-10-31 07:51 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-11-11 15:38 - 2015-10-31 07:48 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-11-11 15:38 - 2015-10-31 07:46 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-11-11 15:31 - 2015-10-18 00:19 - 04176384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-11-11 15:31 - 2015-09-08 02:22 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-11-11 15:31 - 2015-09-08 01:54 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-11-11 15:31 - 2015-09-08 01:30 - 01091584 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-11-11 15:31 - 2015-03-20 13:49 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2015-11-11 15:31 - 2015-01-29 11:04 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2015-11-11 15:21 - 2015-10-15 09:02 - 07455064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-11-11 15:21 - 2015-10-15 09:02 - 01659560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-11-11 15:21 - 2015-10-15 09:02 - 01519592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-11-11 15:21 - 2015-10-15 09:02 - 01487008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-11-11 15:21 - 2015-10-15 09:02 - 01355848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-11-11 14:11 - 2015-10-14 01:59 - 00397224 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2015-11-11 14:11 - 2015-10-14 01:59 - 00340872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2015-11-11 14:11 - 2015-10-14 01:59 - 00137960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
2015-11-11 14:11 - 2015-10-14 01:59 - 00120376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll
2015-11-11 14:11 - 2015-10-14 01:59 - 00106952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2015-11-11 14:11 - 2015-10-14 01:59 - 00091416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2015-11-11 14:11 - 2015-10-11 16:36 - 00561952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-11-11 14:11 - 2015-10-11 16:36 - 00177496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-11-11 14:11 - 2015-10-11 04:40 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-11-11 14:11 - 2015-10-11 04:39 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-11-11 14:11 - 2015-10-11 04:07 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-11-11 14:11 - 2015-10-11 03:33 - 01441280 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-11-11 14:11 - 2015-10-11 03:27 - 00432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-11-11 14:11 - 2015-10-11 03:11 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-11-11 14:11 - 2015-10-11 02:45 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-11-11 14:10 - 2015-09-29 22:24 - 00155480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2015-11-11 14:09 - 2015-08-21 06:45 - 01380048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-11-11 14:09 - 2015-08-21 03:48 - 01096704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-11-11 14:07 - 2015-10-14 03:10 - 00559616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-11 14:07 - 2015-10-14 03:10 - 00108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-11 14:07 - 2015-09-05 05:24 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tunnel.sys
2015-11-11 14:07 - 2015-08-29 08:20 - 00183368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2015-11-11 14:01 - 2015-10-16 02:08 - 00990208 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-11 14:01 - 2015-10-16 01:46 - 00803328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-11-11 14:00 - 2015-09-12 23:47 - 00414559 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-11-11 13:39 - 2015-10-09 02:08 - 01083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2015-11-11 13:39 - 2015-08-11 04:15 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2015-11-11 13:39 - 2015-08-11 04:06 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2015-11-11 13:39 - 2015-08-11 03:49 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2015-11-11 13:39 - 2015-08-11 02:56 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2015-11-11 13:39 - 2015-08-11 02:46 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2015-11-10 11:25 - 2015-11-10 11:25 - 00022512 _____ C:\WINDOWS\system32\Drivers\SPPD.sys
2015-11-10 10:36 - 2015-11-10 10:36 - 00002412 _____ C:\Users\User\Desktop\Safe Money.lnk
2015-11-10 10:36 - 2015-11-10 10:36 - 00002150 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2015-11-10 10:36 - 2015-11-10 10:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2015-11-10 10:35 - 2015-12-01 19:33 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-11-10 10:35 - 2015-11-10 10:35 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2015-11-10 10:35 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll
2015-11-10 10:34 - 2015-11-10 11:20 - 00925064 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2015-11-10 10:34 - 2015-11-10 11:20 - 00181640 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys
2015-11-10 10:24 - 2015-11-10 10:27 - 177804504 _____ (Kaspersky Lab) C:\Users\User\Downloads\kis16.0.0.614en-au.exe
2015-11-10 10:13 - 2015-12-01 19:19 - 00000000 ___DO C:\Users\User\OneDrive
2015-11-09 19:52 - 2015-11-09 19:52 - 00000000 ____D C:\Users\User\AppData\Roaming\Five-BN Games
2015-11-08 21:58 - 2015-11-08 21:58 - 00000000 ____D C:\ProgramData\AlawarEntertainment
2015-11-08 11:44 - 2015-11-08 11:44 - 00000000 ____D C:\Users\User\AppData\Local\CEF
2015-11-07 18:03 - 2015-11-07 18:03 - 00000000 ____D C:\Users\User\AppData\Roaming\ERS Game Studios
2015-11-07 12:02 - 2015-11-07 21:45 - 00000000 ____D C:\AdwCleaner
2015-11-07 12:01 - 2015-11-07 12:01 - 01713664 _____ C:\Users\User\Downloads\adwcleaner_5.018.exe
2015-11-07 00:21 - 2015-11-29 14:48 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-11-06 22:05 - 2015-11-06 22:05 - 00000000 ____D C:\Users\User\AppData\Local\fantasy_mosaics_9
2015-11-06 16:31 - 2015-11-06 16:31 - 00000000 ____D C:\Users\User\AppData\Local\GWX
2015-11-05 23:43 - 2015-11-08 21:58 - 00000000 ____D C:\Users\User\AppData\Roaming\AlawarEntertainment
2015-11-05 00:48 - 2015-11-07 01:01 - 00002141 _____ C:\Users\Public\Desktop\Smart Switch.lnk
2015-11-05 00:25 - 2015-11-05 00:48 - 00000000 ____D C:\Users\User\AppData\Roaming\Samsung
2015-11-05 00:25 - 2015-11-05 00:25 - 00000000 ____D C:\Users\User\AppData\Local\Samsung
2015-11-05 00:25 - 2015-11-05 00:25 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log
2015-11-05 00:24 - 2015-11-05 00:49 - 00000000 ____D C:\Users\User\Documents\samsung
2015-11-05 00:24 - 2015-11-05 00:38 - 00002020 _____ C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2015-11-05 00:24 - 2015-11-05 00:38 - 00002010 _____ C:\Users\Public\Desktop\Samsung Kies.lnk
2015-11-05 00:18 - 2015-05-21 16:02 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2015-11-05 00:18 - 2015-05-21 16:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys
2015-11-05 00:17 - 2013-12-30 10:53 - 04659712 _____ (Dmitry Streblechenko) C:\WINDOWS\SysWOW64\Redemption.dll
2015-11-05 00:17 - 2013-12-30 10:53 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\WINDOWS\SysWOW64\secman.dll
2015-11-05 00:16 - 2015-11-05 00:48 - 00000000 ____D C:\Program Files (x86)\Samsung
2015-11-05 00:16 - 2015-11-05 00:23 - 00000000 ____D C:\ProgramData\Samsung
2015-11-05 00:09 - 2015-11-05 00:09 - 00000000 ____D C:\Users\User\AppData\Local\Downloaded Installations
2015-11-05 00:08 - 2015-11-05 00:09 - 78749536 _____ (Samsung Electronics Co., Ltd.) C:\Users\User\Downloads\KiesSetup.exe
2015-11-04 23:23 - 2015-11-04 23:23 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-11-03 23:43 - 2015-11-04 21:14 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-11-03 23:43 - 2015-11-03 23:43 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-11-03 23:43 - 2015-11-03 23:43 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-11-03 21:38 - 2015-11-03 22:34 - 00000000 ____D C:\Users\User\AppData\Roaming\Jewel Match Twilight
2015-11-03 20:04 - 2015-07-31 00:04 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-11-03 20:04 - 2015-07-30 23:48 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-11-03 19:51 - 2014-04-16 09:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2015-11-03 19:51 - 2014-04-16 09:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2015-11-02 15:36 - 2015-11-02 15:36 - 00000000 ____D C:\Users\User\AppData\Roaming\Hot Lava Games
2015-11-02 15:36 - 2015-11-02 15:36 - 00000000 ____D C:\Users\User\AppData\Roaming\Game Forest
2015-11-02 15:06 - 2015-11-02 15:36 - 00000000 ____D C:\Program Files (x86)\Gummy Drop!
2015-11-02 15:06 - 2015-11-02 15:06 - 00001938 _____ C:\Users\Public\Desktop\Play Gummy Drop!.lnk
2015-11-02 15:06 - 2015-11-02 15:06 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gummy Drop!
2015-11-02 15:06 - 2015-11-02 15:06 - 00000000 ____D C:\Users\User\AppData\Roaming\Anuman
2015-11-02 15:06 - 2015-11-02 15:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gummy Drop!
2015-11-02 15:02 - 2015-11-02 15:02 - 00000973 _____ C:\Users\Public\Desktop\Games.lnk
2015-11-02 15:01 - 2015-11-02 15:06 - 00000000 ____D C:\ProgramData\Big Fish
2015-11-02 15:01 - 2015-11-02 15:01 - 00001941 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Manager.lnk
2015-11-02 15:01 - 2015-11-02 15:01 - 00001248 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\More Great Games.lnk
2015-11-02 15:01 - 2015-11-02 15:01 - 00000000 ____D C:\Program Files (x86)\bfgclient
2015-11-02 15:00 - 2015-11-13 23:16 - 00000000 ____D C:\BigFishCache
2015-11-02 15:00 - 2015-11-02 15:36 - 00000000 ____D C:\Users\User\AppData\Local\Big Fish
2015-11-02 14:17 - 2015-11-02 14:18 - 00000000 ____D C:\Users\User\AppData\Roaming\Apple Computer
2015-11-02 14:17 - 2015-11-02 14:17 - 00001767 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-11-02 14:17 - 2015-11-02 14:17 - 00000000 ____D C:\Users\User\AppData\Local\Apple Computer
2015-11-02 14:17 - 2015-11-02 14:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-11-02 14:16 - 2015-11-02 14:17 - 00000000 ____D C:\Program Files\iTunes
2015-11-02 14:16 - 2015-11-02 14:16 - 00000000 ____D C:\ProgramData\Apple Computer
2015-11-02 14:16 - 2015-11-02 14:16 - 00000000 ____D C:\Program Files\iPod
2015-11-02 14:16 - 2015-11-02 14:16 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-11-02 14:14 - 2015-11-02 14:14 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-11-02 14:14 - 2015-11-02 14:14 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2015-11-02 14:14 - 2015-11-02 14:14 - 00000000 ____D C:\Users\User\AppData\Local\Apple
2015-11-02 14:14 - 2015-11-02 14:14 - 00000000 ____D C:\Program Files\Bonjour
2015-11-02 14:14 - 2015-11-02 14:14 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-11-02 14:14 - 2015-11-02 14:14 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-11-02 14:13 - 2015-11-02 14:16 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-11-02 14:13 - 2015-11-02 14:14 - 00000000 ____D C:\ProgramData\Apple
2015-11-02 14:08 - 2015-11-02 14:11 - 167839512 _____ (Apple Inc.) C:\Users\User\Downloads\iTunes6464Setup.exe
2015-11-02 11:43 - 2015-11-29 14:49 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-11-02 11:24 - 2015-12-01 19:07 - 00003930 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C87F0C6B-BFA6-4603-BC36-1FF5CF9BEDC3}
2015-11-02 11:21 - 2015-12-01 17:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Playthru Player
2015-11-02 11:21 - 2015-11-02 11:21 - 00000000 ____D C:\Program Files (x86)\PlaythruPlayer
2015-11-02 11:20 - 2015-11-02 11:41 - 00002936 _____ C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini
2015-11-02 11:20 - 2015-11-02 11:41 - 00002936 _____ C:\WINDOWS\system32\LavasoftTcpServiceOff.ini
2015-11-02 11:20 - 2015-11-02 11:20 - 00425744 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService64.dll
2015-11-02 11:20 - 2015-11-02 11:20 - 00345360 _____ (Lavasoft Limited) C:\WINDOWS\SysWOW64\LavasoftTcpService.dll
2015-11-02 11:18 - 2015-11-02 11:18 - 01136168 _____ (Download Assistant) C:\Users\User\Downloads\firefox_setup.exe
2015-11-01 12:56 - 2015-11-07 12:04 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2015-11-01 12:56 - 2015-11-01 12:56 - 00002644 _____ C:\Users\User\Desktop\µTorrent.lnk
2015-11-01 12:56 - 2015-11-01 12:56 - 00000000 ____D C:\Users\User\AppData\Local\SearchProtect
2015-11-01 12:55 - 2015-12-01 00:04 - 00000000 ____D C:\Users\User\AppData\Roaming\uTorrent
2015-11-01 12:54 - 2015-11-01 12:54 - 01822048 _____ (BitTorrent Inc.) C:\Users\User\Downloads\uTorrent.exe
2015-11-01 12:13 - 2014-06-10 08:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-11-01 12:13 - 2014-06-10 08:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-11-01 12:10 - 2015-05-12 23:19 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-11-01 12:07 - 2015-11-12 19:26 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2015-11-01 12:07 - 2015-11-12 19:26 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2015-11-01 12:06 - 2015-09-19 13:18 - 00035384 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2015-11-01 12:06 - 2015-09-18 23:42 - 01290752 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-11-01 12:06 - 2015-09-18 23:42 - 01163776 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-11-01 12:06 - 2015-09-18 23:42 - 00766464 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-11-01 12:06 - 2015-09-18 23:42 - 00699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-11-01 12:06 - 2015-09-18 23:42 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-11-01 12:06 - 2015-09-18 23:42 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-11-01 12:06 - 2015-07-14 13:27 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzsync.exe
2015-11-01 12:06 - 2015-05-21 23:08 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-11-01 12:06 - 2015-01-20 04:42 - 01487976 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-11-01 12:00 - 2015-11-10 10:32 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2015-11-01 11:37 - 2015-11-01 11:37 - 00001444 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-11-01 11:37 - 2015-11-01 11:37 - 00000020 ___SH C:\Users\User\ntuser.ini
2015-11-01 09:32 - 2015-11-02 11:32 - 00000000 ___DC C:\WINDOWS\Panther
2015-11-01 09:26 - 2015-11-01 09:26 - 07032320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2015-11-01 09:26 - 2015-11-01 09:26 - 06213120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2015-11-01 09:26 - 2015-11-01 09:26 - 04710400 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2015-11-01 09:26 - 2015-11-01 09:26 - 04068352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2015-11-01 09:26 - 2015-11-01 09:26 - 02819072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2015-11-01 09:26 - 2015-11-01 09:26 - 01101824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2015-11-01 09:26 - 2015-11-01 09:26 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2015-11-01 09:26 - 2015-11-01 09:26 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcpl.dll
2015-11-01 09:25 - 2015-11-01 09:25 - 04837376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2015-11-01 09:25 - 2015-11-01 09:25 - 01574400 _____ (Microsoft Corporation) C:\WINDOWS\system32\vssapi.dll
2015-11-01 09:25 - 2015-11-01 09:25 - 01454080 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2015-11-01 09:25 - 2015-11-01 09:25 - 01154048 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2015-11-01 09:25 - 2015-11-01 09:25 - 01142272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vssapi.dll
2015-11-01 09:25 - 2015-11-01 09:25 - 01027584 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-11-01 09:25 - 2015-11-01 09:25 - 00962216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-11-01 09:25 - 2015-11-01 09:25 - 00952896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-11-01 09:25 - 2015-11-01 09:25 - 00885760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-11-01 09:25 - 2015-11-01 09:25 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2015-11-01 09:25 - 2015-11-01 09:25 - 00801584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-11-01 09:25 - 2015-11-01 09:25 - 00786120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2015-11-01 09:25 - 2015-11-01 09:25 - 00733696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2015-11-01 09:25 - 2015-11-01 09:25 - 00702464 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2015-11-01 09:25 - 2015-11-01 09:25 - 00658432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2015-11-01 09:25 - 2015-11-01 09:25 - 00657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2015-11-01 09:25 - 2015-11-01 09:25 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2015-11-01 09:25 - 2015-11-01 09:25 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2015-11-01 09:25 - 2015-11-01 09:25 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2015-11-01 09:25 - 2015-11-01 09:25 - 00551232 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2015-11-01 09:25 - 2015-11-01 09:25 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2015-11-01 09:25 - 2015-11-01 09:25 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2015-11-01 09:25 - 2015-11-01 09:25 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2015-11-01 09:25 - 2015-11-01 09:25 - 00473408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-11-01 09:25 - 2015-11-01 09:25 - 00465408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2015-11-01 09:25 - 2015-11-01 09:25 - 00420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2015-11-01 09:25 - 2015-11-01 09:25 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll
2015-11-01 09:25 - 2015-11-01 09:25 - 00252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2015-11-01 09:25 - 2015-11-01 09:25 - 00242176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2015-11-01 09:25 - 2015-11-01 09:25 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\QSHVHOST.DLL
2015-11-01 09:25 - 2015-11-01 09:25 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascfg.dll
2015-11-01 09:25 - 2015-11-01 09:25 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2015-11-01 09:25 - 2015-11-01 09:25 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2015-11-01 09:25 - 2015-11-01 09:25 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rascfg.dll
2015-11-01 09:25 - 2015-11-01 09:25 - 00155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\QSHVHOST.DLL
2015-11-01 09:25 - 2015-11-01 09:25 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2015-11-01 09:25 - 2015-11-01 09:25 - 00136512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2015-11-01 09:25 - 2015-11-01 09:25 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2015-11-01 09:25 - 2015-11-01 09:25 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\QSVRMGMT.DLL
2015-11-01 09:25 - 2015-11-01 09:25 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2015-11-01 09:25 - 2015-11-01 09:25 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
2015-11-01 09:25 - 2015-11-01 09:25 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\QSVRMGMT.DLL
2015-11-01 09:25 - 2015-11-01 09:25 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2015-11-01 09:25 - 2015-11-01 09:25 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2015-11-01 09:25 - 2015-11-01 09:25 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdiag.dll
2015-11-01 09:25 - 2015-11-01 09:25 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\vsstrace.dll
2015-11-01 09:25 - 2015-11-01 09:25 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2015-11-01 09:25 - 2015-11-01 09:25 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdiag.dll
2015-11-01 09:25 - 2015-11-01 09:25 - 00058176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2015-11-01 09:25 - 2015-11-01 09:25 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vsstrace.dll
2015-11-01 09:25 - 2015-11-01 09:25 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\kmddsp.tsp
2015-11-01 09:25 - 2015-11-01 09:25 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmxs.dll
2015-11-01 09:25 - 2015-11-01 09:25 - 00039744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2015-11-01 09:25 - 2015-11-01 09:25 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kmddsp.tsp
2015-11-01 09:25 - 2015-11-01 09:25 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasmxs.dll
2015-11-01 09:25 - 2015-11-01 09:25 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasser.dll
2015-11-01 09:25 - 2015-11-01 09:25 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndistapi.sys
2015-11-01 09:25 - 2015-11-01 09:25 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasser.dll
2015-11-01 09:25 - 2015-11-01 09:25 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\eventcls.dll
2015-11-01 09:25 - 2015-11-01 09:25 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eventcls.dll
2015-11-01 09:24 - 2015-11-01 09:24 - 04417536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2015-11-01 09:24 - 2015-11-01 09:24 - 02985984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2015-11-01 09:24 - 2015-11-01 09:24 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2015-11-01 09:24 - 2015-11-01 09:24 - 01207296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2015-11-01 09:24 - 2015-11-01 09:24 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2015-11-01 09:24 - 2015-11-01 09:24 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2015-11-01 09:24 - 2015-11-01 09:24 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2015-11-01 09:24 - 2015-11-01 09:24 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2015-11-01 09:24 - 2015-11-01 09:24 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
2015-11-01 09:23 - 2015-11-01 09:23 - 03607552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2015-11-01 09:23 - 2015-11-01 09:23 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-11-01 09:23 - 2015-11-01 09:23 - 02171904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2015-11-01 09:23 - 2015-11-01 09:23 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-11-01 09:23 - 2015-11-01 09:23 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-11-01 09:23 - 2015-11-01 09:23 - 00672984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2015-11-01 09:23 - 2015-11-01 09:23 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2015-11-01 09:23 - 2015-11-01 09:23 - 00316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2015-11-01 09:23 - 2015-11-01 09:23 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2015-11-01 09:23 - 2015-11-01 09:23 - 00273240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2015-11-01 09:23 - 2015-11-01 09:23 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2015-11-01 09:23 - 2015-11-01 09:23 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsDatabase.dll
2015-11-01 09:23 - 2015-11-01 09:23 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2015-11-01 09:23 - 2015-11-01 09:23 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2015-11-01 09:22 - 2015-11-01 09:22 - 01763352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-11-01 09:22 - 2015-11-01 09:22 - 01488040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-11-01 09:22 - 2015-11-01 09:22 - 00788680 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-11-01 09:22 - 2015-11-01 09:22 - 00737280 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-11-01 09:22 - 2015-11-01 09:22 - 00602776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-11-01 09:22 - 2015-11-01 09:22 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-11-01 09:22 - 2015-11-01 09:22 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2015-11-01 09:22 - 2015-11-01 09:22 - 00108544 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\i8042prt.sys
2015-11-01 09:22 - 2015-11-01 09:22 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-11-01 09:22 - 2015-11-01 09:22 - 00059712 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdclass.sys
2015-11-01 09:22 - 2015-11-01 09:22 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-11-01 09:22 - 2015-11-01 09:22 - 00051008 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouclass.sys
2015-11-01 09:22 - 2015-11-01 09:22 - 00032256 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys
2015-11-01 09:22 - 2015-11-01 09:22 - 00030208 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys
2015-11-01 09:22 - 2015-11-01 09:22 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-11-01 09:22 - 2015-11-01 09:22 - 00026112 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sermouse.sys
2015-11-01 09:21 - 2015-11-01 09:21 - 22372152 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-11-01 09:21 - 2015-11-01 09:21 - 19795904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-11-01 09:21 - 2015-11-01 09:21 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-11-01 09:21 - 2015-11-01 09:21 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-11-01 09:21 - 2015-11-01 09:21 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-11-01 09:21 - 2015-11-01 09:21 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2015-11-01 09:20 - 2015-11-01 09:20 - 18823680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-11-01 09:20 - 2015-11-01 09:20 - 15159296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-11-01 09:20 - 2015-11-01 09:20 - 01994752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-11-01 09:20 - 2015-11-01 09:20 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-11-01 09:20 - 2015-11-01 09:20 - 01381888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-11-01 09:20 - 2015-11-01 09:20 - 00971776 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-11-01 09:20 - 2015-11-01 09:20 - 00811008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-11-01 09:20 - 2015-11-01 09:20 - 00513480 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-11-01 09:20 - 2015-11-01 09:20 - 00513480 _____ C:\WINDOWS\system32\locale.nls
2015-11-01 09:20 - 2015-11-01 09:20 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-11-01 09:20 - 2015-11-01 09:20 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-11-01 09:20 - 2015-11-01 09:20 - 00057856 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-11-01 09:19 - 2015-11-01 09:19 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2015-11-01 09:19 - 2015-11-01 09:19 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2015-11-01 09:19 - 2015-11-01 09:19 - 01633792 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-11-01 09:19 - 2015-11-01 09:19 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2015-11-01 09:19 - 2015-11-01 09:19 - 00951296 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2015-11-01 09:19 - 2015-11-01 09:19 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2015-11-01 09:19 - 2015-11-01 09:19 - 00669184 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2015-11-01 09:19 - 2015-11-01 09:19 - 00536576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2015-11-01 09:19 - 2015-11-01 09:19 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-11-01 09:19 - 2015-11-01 09:19 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-11-01 09:19 - 2015-11-01 09:19 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll
2015-11-01 09:19 - 2015-11-01 09:19 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll
2015-11-01 09:19 - 2015-11-01 09:19 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll
2015-11-01 09:19 - 2015-11-01 09:19 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll
2015-11-01 09:19 - 2015-11-01 09:19 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkEd.dll
2015-11-01 09:19 - 2015-11-01 09:19 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll
2015-11-01 09:19 - 2015-11-01 09:19 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll
2015-11-01 09:19 - 2015-11-01 09:19 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InkEd.dll
2015-11-01 09:19 - 2015-11-01 09:19 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2015-11-01 09:19 - 2015-11-01 09:19 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll
2015-11-01 09:19 - 2015-11-01 09:19 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll
2015-11-01 09:19 - 2015-11-01 09:19 - 00046456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockScreenContentServer.exe
2015-11-01 09:19 - 2015-11-01 09:19 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-11-01 09:18 - 2015-11-01 09:18 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2015-11-01 09:18 - 2015-11-01 09:18 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2015-11-01 09:18 - 2015-11-01 09:18 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2015-11-01 09:18 - 2015-11-01 09:18 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2015-11-01 09:18 - 2015-11-01 09:18 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\tracerpt.exe
2015-11-01 09:18 - 2015-11-01 09:18 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2015-11-01 09:18 - 2015-11-01 09:18 - 00377152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2015-11-01 09:18 - 2015-11-01 09:18 - 00369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tracerpt.exe
2015-11-01 09:18 - 2015-11-01 09:18 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2015-11-01 09:18 - 2015-11-01 09:18 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2015-11-01 09:18 - 2015-11-01 09:18 - 00257216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
2015-11-01 09:18 - 2015-11-01 09:18 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2015-11-01 09:18 - 2015-11-01 09:18 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2015-11-01 09:18 - 2015-11-01 09:18 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys
2015-11-01 09:17 - 2015-11-01 09:17 - 02476376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-11-01 09:17 - 2015-11-01 09:17 - 00690016 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll
2015-11-01 09:17 - 2015-11-01 09:17 - 00484552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll
2015-11-01 09:17 - 2015-11-01 09:17 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-11-01 09:17 - 2015-11-01 09:17 - 00239424 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-11-01 09:17 - 2015-11-01 09:17 - 00154432 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-11-01 09:17 - 2015-11-01 09:17 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2015-11-01 09:17 - 2015-11-01 09:17 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2015-11-01 09:17 - 2015-11-01 09:17 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2015-11-01 09:16 - 2015-11-01 09:16 - 01385256 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-11-01 09:16 - 2015-11-01 09:16 - 01124352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-11-01 09:16 - 2015-11-01 09:16 - 00097792 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2015-11-01 09:16 - 2015-11-01 09:16 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-11-01 09:15 - 2015-11-01 09:15 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2015-11-01 09:15 - 2015-11-01 09:15 - 03551744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2015-11-01 09:15 - 2015-11-01 09:15 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2015-11-01 09:15 - 2015-11-01 09:15 - 01969664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2015-11-01 09:15 - 2015-11-01 09:15 - 01488896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42u.dll
2015-11-01 09:15 - 2015-11-01 09:15 - 01464832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc42.dll
2015-11-01 09:15 - 2015-11-01 09:15 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42u.dll
2015-11-01 09:15 - 2015-11-01 09:15 - 01204224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc42.dll
2015-11-01 09:14 - 2015-11-01 09:14 - 01696256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2015-11-01 09:14 - 2015-11-01 09:14 - 00780800 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2015-11-01 09:14 - 2015-11-01 09:14 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-11-01 09:14 - 2015-11-01 09:14 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2015-11-01 09:14 - 2015-11-01 09:14 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rgb9rast.dll
2015-11-01 09:14 - 2015-11-01 09:14 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NcdAutoSetup.dll
2015-11-01 09:13 - 2015-11-01 09:13 - 03109376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2015-11-01 09:13 - 2015-11-01 09:13 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2015-11-01 09:13 - 2015-11-01 09:13 - 01311960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2015-11-01 09:13 - 2015-11-01 09:13 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2015-11-01 09:13 - 2015-11-01 09:13 - 00442712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2015-11-01 09:13 - 2015-11-01 09:13 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-11-01 09:13 - 2015-11-01 09:13 - 00332120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2015-11-01 09:13 - 2015-11-01 09:13 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-11-01 09:13 - 2015-11-01 09:13 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2015-11-01 09:13 - 2015-11-01 09:13 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageContextHandler.dll
2015-11-01 09:13 - 2015-11-01 09:13 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StorageContextHandler.dll
2015-11-01 09:13 - 2015-11-01 09:13 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-11-01 09:13 - 2015-11-01 09:13 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-11-01 09:13 - 2015-11-01 09:13 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2015-11-01 09:13 - 2015-11-01 09:13 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2015-11-01 09:12 - 2015-11-01 09:12 - 02162176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-11-01 09:12 - 2015-11-01 09:12 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-11-01 09:12 - 2015-11-01 09:12 - 01736520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-11-01 09:12 - 2015-11-01 09:12 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-11-01 09:12 - 2015-11-01 09:12 - 01265152 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-11-01 09:12 - 2015-11-01 09:12 - 01134752 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2015-11-01 09:12 - 2015-11-01 09:12 - 01113944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-11-01 09:12 - 2015-11-01 09:12 - 00933888 _____ (Microsoft Corporation) C:\WINDOWS\system32\calc.exe
2015-11-01 09:12 - 2015-11-01 09:12 - 00862720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2015-11-01 09:12 - 2015-11-01 09:12 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\calc.exe
2015-11-01 09:12 - 2015-11-01 09:12 - 00686960 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2015-11-01 09:12 - 2015-11-01 09:12 - 00507176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2015-11-01 09:12 - 2015-11-01 09:12 - 00487256 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
2015-11-01 09:12 - 2015-11-01 09:12 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskeng.exe
2015-11-01 09:12 - 2015-11-01 09:12 - 00410128 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-11-01 09:12 - 2015-11-01 09:12 - 00393560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll
2015-11-01 09:12 - 2015-11-01 09:12 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskeng.exe
2015-11-01 09:12 - 2015-11-01 09:12 - 00270168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-11-01 09:12 - 2015-11-01 09:12 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schtasks.exe
2015-11-01 09:12 - 2015-11-01 09:12 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schtasks.exe
2015-11-01 09:12 - 2015-11-01 09:12 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2015-11-01 09:12 - 2015-11-01 09:12 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2015-11-01 09:12 - 2015-11-01 09:12 - 00114520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2015-11-01 09:12 - 2015-11-01 09:12 - 00044560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-11-01 09:12 - 2015-11-01 09:12 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2015-11-01 09:12 - 2015-11-01 09:12 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2015-11-01 09:11 - 2015-11-01 09:11 - 07784448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2015-11-01 09:11 - 2015-11-01 09:11 - 05264384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2015-11-01 09:11 - 2015-11-01 09:11 - 02531400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-11-01 09:11 - 2015-11-01 09:11 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-11-01 09:11 - 2015-11-01 09:11 - 01903848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-11-01 09:11 - 2015-11-01 09:11 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-11-01 09:11 - 2015-11-01 09:11 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2015-11-01 09:11 - 2015-11-01 09:11 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-11-01 09:11 - 2015-11-01 09:11 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2015-11-01 09:11 - 2015-11-01 09:11 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-11-01 09:11 - 2015-11-01 09:11 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll
2015-11-01 09:11 - 2015-11-01 09:11 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll
2015-11-01 09:11 - 2015-11-01 09:11 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2015-11-01 09:11 - 2015-11-01 09:11 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2015-11-01 09:10 - 2015-11-01 09:10 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-11-01 09:10 - 2015-11-01 09:10 - 02126336 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-11-01 09:10 - 2015-11-01 09:10 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-11-01 09:10 - 2015-11-01 09:10 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-11-01 09:10 - 2015-11-01 09:10 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-11-01 09:10 - 2015-11-01 09:10 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2015-11-01 09:10 - 2015-11-01 09:10 - 00616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-11-01 09:10 - 2015-11-01 09:10 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-11-01 09:10 - 2015-11-01 09:10 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-11-01 09:10 - 2015-11-01 09:10 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-11-01 09:10 - 2015-11-01 09:10 - 00416256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-11-01 09:10 - 2015-11-01 09:10 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-11-01 09:10 - 2015-11-01 09:10 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-11-01 09:10 - 2015-11-01 09:10 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-11-01 09:10 - 2015-11-01 09:10 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-11-01 09:10 - 2015-11-01 09:10 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-11-01 09:10 - 2015-11-01 09:10 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-11-01 09:10 - 2015-11-01 09:10 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-11-01 09:10 - 2015-11-01 09:10 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2015-11-01 09:10 - 2015-11-01 09:10 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2015-11-01 09:10 - 2015-11-01 09:10 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-11-01 09:10 - 2015-11-01 09:10 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-11-01 09:10 - 2015-11-01 09:10 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2015-11-01 09:10 - 2015-11-01 09:10 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-11-01 09:10 - 2015-11-01 09:10 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2015-11-01 09:10 - 2015-11-01 09:10 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2015-11-01 09:10 - 2015-11-01 09:10 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-11-01 09:10 - 2015-11-01 09:10 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2015-11-01 09:10 - 2015-11-01 09:10 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2015-11-01 09:09 - 2015-11-01 09:09 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2015-11-01 09:09 - 2015-11-01 09:09 - 00723072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2015-11-01 09:09 - 2015-11-01 09:09 - 00560392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2015-11-01 09:09 - 2015-11-01 09:09 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2015-11-01 09:09 - 2015-11-01 09:09 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-11-01 09:09 - 2015-11-01 09:09 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2015-11-01 09:09 - 2015-11-01 09:09 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2015-11-01 09:09 - 2015-11-01 09:09 - 00101720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2015-11-01 09:09 - 2015-11-01 09:09 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-11-01 09:09 - 2015-11-01 09:09 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-11-01 09:09 - 2015-11-01 09:09 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-11-01 09:09 - 2015-11-01 09:09 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-11-01 09:09 - 2015-11-01 09:09 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-11-01 09:09 - 2015-11-01 09:09 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-11-01 09:09 - 2015-11-01 09:09 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-11-01 09:08 - 2015-11-01 09:08 - 02256896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-11-01 09:08 - 2015-11-01 09:08 - 01943040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-11-01 09:08 - 2015-11-01 09:08 - 00467776 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-11-01 09:07 - 2015-11-01 09:07 - 03633664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-11-01 09:07 - 2015-11-01 09:07 - 02749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-11-01 09:07 - 2015-11-01 09:07 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-11-01 09:07 - 2015-11-01 09:07 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-11-01 09:07 - 2015-11-01 09:07 - 00984448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2015-11-01 09:07 - 2015-11-01 09:07 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-11-01 09:07 - 2015-11-01 09:07 - 00901264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2015-11-01 09:07 - 2015-11-01 09:07 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2015-11-01 09:07 - 2015-11-01 09:07 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2015-11-01 09:07 - 2015-11-01 09:07 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2015-11-01 09:07 - 2015-11-01 09:07 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-11-01 09:07 - 2015-11-01 09:07 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2015-11-01 09:07 - 2015-11-01 09:07 - 00393728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-11-01 09:07 - 2015-11-01 09:07 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2015-11-01 09:07 - 2015-11-01 09:07 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-11-01 09:07 - 2015-11-01 09:07 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-11-01 09:07 - 2015-11-01 09:07 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2015-11-01 09:07 - 2015-11-01 09:07 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-11-01 09:07 - 2015-11-01 09:07 - 00066400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-11-01 09:07 - 2015-11-01 09:07 - 00063840 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll
2015-11-01 09:07 - 2015-11-01 09:07 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\atlthunk.dll
2015-11-01 09:07 - 2015-11-01 09:07 - 00022368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-11-01 09:07 - 2015-11-01 09:07 - 00020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll
2015-11-01 09:07 - 2015-11-01 09:07 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-11-01 09:07 - 2015-11-01 09:07 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-11-01 09:07 - 2015-11-01 09:07 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-11-01 09:07 - 2015-11-01 09:07 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-11-01 09:07 - 2015-11-01 09:07 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll
2015-11-01 09:07 - 2015-11-01 09:07 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-11-01 09:07 - 2015-11-01 09:07 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-11-01 09:07 - 2015-11-01 09:07 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-11-01 09:07 - 2015-11-01 09:07 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-11-01 09:07 - 2015-11-01 09:07 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-11-01 09:07 - 2015-11-01 09:07 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-11-01 09:07 - 2015-11-01 09:07 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll
2015-11-01 09:07 - 2015-11-01 09:07 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-11-01 09:07 - 2015-11-01 09:07 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-11-01 09:07 - 2015-11-01 09:07 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-11-01 09:07 - 2015-11-01 09:07 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-11-01 09:07 - 2015-11-01 09:07 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-11-01 09:07 - 2015-11-01 09:07 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll
2015-11-01 09:07 - 2015-11-01 09:07 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-11-01 09:07 - 2015-11-01 09:07 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-11-01 09:07 - 2015-11-01 09:07 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-11-01 09:07 - 2015-11-01 09:07 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-11-01 09:07 - 2015-11-01 09:07 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-11-01 09:07 - 2015-11-01 09:07 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-11-01 09:07 - 2015-11-01 09:07 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-11-01 09:07 - 2015-11-01 09:07 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-11-01 09:05 - 2015-11-01 09:05 - 02501368 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-11-01 09:05 - 2015-11-01 09:05 - 02207488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-11-01 09:05 - 2015-11-01 09:05 - 00991552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2015-11-01 09:05 - 2015-11-01 09:05 - 00522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\GeofenceMonitorService.dll
2015-11-01 09:05 - 2015-11-01 09:05 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll
2015-11-01 09:05 - 2015-11-01 09:05 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
2015-11-01 09:05 - 2015-11-01 09:05 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
2015-11-01 09:05 - 2015-11-01 09:05 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2015-11-01 09:05 - 2015-11-01 09:05 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2015-11-01 09:05 - 2015-11-01 09:05 - 00118616 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2015-11-01 09:04 - 2015-11-01 09:04 - 03084288 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-11-01 09:04 - 2015-11-01 09:04 - 02775552 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-11-01 09:04 - 2015-11-01 09:04 - 02471424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-11-01 09:04 - 2015-11-01 09:04 - 02461184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-11-01 09:04 - 2015-11-01 09:04 - 01728000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-11-01 09:04 - 2015-11-01 09:04 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2015-11-01 09:04 - 2015-11-01 09:04 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2015-11-01 09:04 - 2015-11-01 09:04 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2015-11-01 09:04 - 2015-11-01 09:04 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2015-11-01 09:04 - 2015-11-01 09:04 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\photowiz.dll
2015-11-01 09:04 - 2015-11-01 09:04 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\photowiz.dll
2015-11-01 09:04 - 2015-11-01 09:04 - 00194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2015-11-01 09:04 - 2015-11-01 09:04 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2015-11-01 09:03 - 2015-11-01 09:03 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-11-01 09:03 - 2015-11-01 09:03 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-11-01 09:03 - 2015-11-01 09:03 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-11-01 09:03 - 2015-11-01 09:03 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-11-01 09:03 - 2015-11-01 09:03 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-11-01 09:03 - 2015-11-01 09:03 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-11-01 09:03 - 2015-11-01 09:03 - 00262144 _____ C:\WINDOWS\system32\config\userdiff
2015-11-01 09:03 - 2015-11-01 09:03 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-11-01 09:03 - 2015-11-01 09:03 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-11-01 09:03 - 2015-11-01 09:03 - 00074928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2015-11-01 09:03 - 2015-11-01 09:03 - 00065600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2015-11-01 09:03 - 2015-11-01 09:03 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll
2015-11-01 09:03 - 2015-11-01 09:03 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-11-01 09:03 - 2015-11-01 09:03 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2015-11-01 09:03 - 2015-11-01 09:03 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-11-01 09:03 - 2015-11-01 09:03 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2015-11-01 09:01 - 2015-11-01 09:01 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-11-01 09:01 - 2015-11-01 09:01 - 00000000 ____D C:\Program Files\MSBuild
2015-11-01 09:01 - 2015-11-01 09:01 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2015-11-01 09:01 - 2015-11-01 09:01 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-11-01 09:00 - 2015-11-01 09:00 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-11-01 09:00 - 2015-11-01 09:00 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2015-11-01 09:00 - 2013-08-03 14:48 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2015-11-01 09:00 - 2013-08-03 14:41 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2015-11-01 08:51 - 2015-11-01 08:51 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-11-01 08:48 - 2015-11-01 08:48 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2015-11-01 08:47 - 2015-11-01 09:03 - 00020958 _____ C:\WINDOWS\diagwrn.xml
2015-11-01 08:47 - 2015-11-01 09:03 - 00020958 _____ C:\WINDOWS\diagerr.xml
2015-11-01 08:47 - 2015-11-01 08:47 - 00000000 _SHDL C:\Users\User\My Documents
2015-11-01 08:47 - 2015-11-01 08:47 - 00000000 _SHDL C:\Users\User\Documents\My Videos
2015-11-01 08:47 - 2015-11-01 08:47 - 00000000 _SHDL C:\Users\User\Documents\My Pictures
2015-11-01 08:47 - 2015-11-01 08:47 - 00000000 _SHDL C:\Users\User\Documents\My Music
2015-11-01 08:47 - 2014-11-21 18:52 - 00000369 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-11-01 08:47 - 2014-11-21 18:52 - 00000369 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-11-01 08:37 - 2015-11-01 08:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2015-11-01 08:37 - 2015-11-01 08:49 - 00000000 ____D C:\Program Files (x86)\Intel
2015-11-01 08:37 - 2015-11-01 08:37 - 00171084 _____ C:\WINDOWS\system32\Drivers\RTWAVES40.dat
2015-11-01 08:37 - 2015-11-01 08:37 - 00002241 _____ C:\Users\Public\Desktop\AudioWizard.lnk
2015-11-01 08:37 - 2015-11-01 08:37 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-11-01 08:37 - 2015-11-01 08:37 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2015-11-01 08:37 - 2015-11-01 08:37 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2015-11-01 08:37 - 2015-11-01 08:37 - 00000000 ____D C:\Program Files\Realtek
2015-11-01 08:37 - 2013-10-02 06:02 - 00064000 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2015-11-01 08:37 - 2013-10-02 06:02 - 00060416 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2015-11-01 06:33 - 2015-11-01 06:33 - 00000000 ____D C:\Users\User\AppData\Local\Macromedia
2015-11-01 06:31 - 2015-12-01 19:19 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-11-01 06:31 - 2015-11-11 12:19 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-11-01 06:26 - 2015-11-05 00:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-11-01 06:26 - 2015-11-01 06:26 - 00000000 ____D C:\WINDOWS\System32\Tasks\CLARUS_DRIVE_MANAGER
2015-11-01 06:26 - 2015-11-01 06:26 - 00000000 ____D C:\Program Files (x86)\Clarus
2015-11-01 05:52 - 2015-11-10 10:12 - 00000000 ___RD C:\Users\User\OneDrive.old
2015-11-01 05:52 - 2015-11-01 05:52 - 00002218 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-11-01 05:51 - 2015-11-01 05:51 - 00000000 ___RD C:\Users\User\SkyDrive
2015-11-01 05:51 - 2015-11-01 05:51 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2015-11-01 05:45 - 2015-11-29 14:55 - 00000000 ____D C:\Users\User\AppData\Local\Adobe
2015-11-01 05:45 - 2015-11-01 05:45 - 00000000 ____D C:\Users\User\AppData\LocalLow\Adobe
2015-11-01 05:27 - 2015-11-07 11:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-01 05:27 - 2015-11-07 00:18 - 00001173 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-11-01 05:27 - 2015-11-07 00:18 - 00001161 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-11-01 05:27 - 2015-11-07 00:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-01 05:27 - 2015-11-01 05:33 - 00000000 ____D C:\Users\User\AppData\Local\Mozilla
2015-11-01 05:27 - 2015-11-01 05:27 - 00000000 ____D C:\Users\User\AppData\Roaming\Mozilla
2015-11-01 05:08 - 2015-11-01 06:26 - 00001824 _____ C:\Users\User\Desktop\Samsung Drive Manager.lnk
2015-11-01 04:05 - 2015-11-01 04:05 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-01 19:41 - 2013-08-22 23:36 - 00000000 ____D C:\Windows
2015-12-01 19:29 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-01 19:27 - 2013-08-23 01:36 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-01 19:26 - 2015-10-24 00:39 - 00000062 _____ C:\Users\User\AppData\Roaming\sp_data.sys
2015-12-01 19:24 - 2014-03-20 14:57 - 00003268 _____ C:\WINDOWS\System32\Tasks\AsusVibeSchedule
2015-12-01 19:24 - 2014-03-20 14:52 - 00003028 _____ C:\WINDOWS\System32\Tasks\ASUS USB Charger Plus
2015-12-01 19:24 - 2014-03-20 14:52 - 00003004 _____ C:\WINDOWS\System32\Tasks\ASUS Splendid ColorU
2015-12-01 19:24 - 2014-03-20 14:52 - 00002988 _____ C:\WINDOWS\System32\Tasks\ASUS Splendid ACMON
2015-12-01 19:24 - 2014-03-20 14:51 - 00003384 _____ C:\WINDOWS\System32\Tasks\Update Checker
2015-12-01 19:24 - 2014-03-20 14:51 - 00003056 _____ C:\WINDOWS\System32\Tasks\ASUS P4G
2015-12-01 19:24 - 2014-03-20 14:51 - 00002956 _____ C:\WINDOWS\System32\Tasks\ASUS InstantOn Config
2015-12-01 19:24 - 2014-03-20 14:44 - 00003540 _____ C:\WINDOWS\System32\Tasks\ASUS Smart Gesture Launcher
2015-12-01 19:18 - 2013-08-23 00:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-01 18:17 - 2015-10-24 01:45 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4280450626-1930446922-540388392-1001
2015-12-01 17:54 - 2013-08-23 00:44 - 00337840 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-01 17:29 - 2014-03-20 14:55 - 00000000 ____D C:\ProgramData\Temp
2015-12-01 17:13 - 2013-05-01 19:39 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-12-01 17:11 - 2013-05-01 19:39 - 00000000 ____D C:\Program Files (x86)\WildGames
2015-11-30 19:31 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\Inf
2015-11-30 19:21 - 2013-08-22 23:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-11-30 19:13 - 2013-08-22 23:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-11-29 21:52 - 2015-10-29 11:59 - 00000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics
2015-11-29 14:48 - 2013-05-01 19:34 - 00000000 ____D C:\ProgramData\Adobe
2015-11-24 21:22 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\rescache
2015-11-23 23:40 - 2014-11-21 18:44 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-22 23:12 - 2015-10-30 12:55 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-22 21:38 - 2015-10-30 12:55 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-11-16 13:13 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2015-11-13 00:31 - 2013-08-23 01:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-11-13 00:31 - 2012-07-26 17:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-11-10 11:26 - 2013-05-01 19:37 - 00000000 ____D C:\ProgramData\McAfee
2015-11-10 11:20 - 2015-06-26 23:58 - 00087944 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klwfp.sys
2015-11-10 11:20 - 2015-06-08 19:43 - 00041352 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klpd.sys
2015-11-10 10:39 - 2015-07-04 02:18 - 00227512 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klhk.sys
2015-11-10 10:35 - 2012-07-26 18:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-11-10 10:31 - 2012-07-26 15:37 - 00000000 ____D C:\Users\Default.migrated
2015-11-07 11:59 - 2013-05-01 19:39 - 00000000 ____D C:\ProgramData\WildTangent
2015-11-05 22:09 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\AppCompat
2015-11-05 00:48 - 2014-03-20 14:31 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-11-04 21:25 - 2015-10-24 00:33 - 00000000 ____D C:\Users\User\AppData\Local\Packages
2015-11-03 23:43 - 2014-11-22 01:56 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-11-03 21:38 - 2015-10-24 00:33 - 00000000 ____D C:\Users\User\AppData\Local\VirtualStore
2015-11-03 10:23 - 2014-11-22 02:03 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-11-03 10:23 - 2014-11-22 02:03 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-02 11:40 - 2015-10-31 04:34 - 00000000 ____D C:\WINDOWS\system32\AutoUpdateLicense
2015-11-01 09:28 - 2013-08-23 01:36 - 00262144 _____ C:\WINDOWS\system32\config\BCD-Template
2015-11-01 09:26 - 2013-08-23 01:36 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-11-01 09:26 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2015-11-01 09:26 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\system32\setup
2015-11-01 09:20 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\WinStore
2015-11-01 09:19 - 2014-11-21 18:25 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-01 09:12 - 2013-08-23 01:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-11-01 09:12 - 2013-08-23 01:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-11-01 09:04 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\Registration
2015-11-01 09:03 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2015-11-01 09:02 - 2013-08-23 01:36 - 00000000 __RSD C:\WINDOWS\Media
2015-11-01 09:02 - 2013-08-23 01:36 - 00000000 __RHD C:\Users\Public\Libraries
2015-11-01 08:52 - 2014-03-20 14:39 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-11-01 08:52 - 2013-08-23 01:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-11-01 08:52 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-11-01 08:52 - 2013-05-01 19:37 - 00000000 ____D C:\WINDOWS\fr
2015-11-01 08:52 - 2013-05-01 19:37 - 00000000 ____D C:\WINDOWS\es
2015-11-01 08:52 - 2013-05-01 19:37 - 00000000 ____D C:\WINDOWS\en
2015-11-01 08:51 - 2014-11-21 18:00 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2015-11-01 08:51 - 2014-11-21 18:00 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
2015-11-01 08:51 - 2014-11-21 18:00 - 00000000 ____D C:\WINDOWS\system32\WCN
2015-11-01 08:51 - 2014-03-20 14:47 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2015-11-01 08:51 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2015-11-01 08:51 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2015-11-01 08:51 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2015-11-01 08:51 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-11-01 08:51 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\system32\spool
2015-11-01 08:51 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-11-01 08:51 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\system32\MUI
2015-11-01 08:51 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\system32\IME
2015-11-01 08:51 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\SysWOW64\SMI
2015-11-01 08:51 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-11-01 08:49 - 2014-03-20 14:57 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUSDVD
2015-11-01 08:49 - 2013-08-23 01:43 - 00000000 ____D C:\WINDOWS\DigitalLocker
2015-11-01 08:49 - 2013-08-23 01:36 - 00000000 __SHD C:\Program Files\Windows Sidebar
2015-11-01 08:49 - 2013-08-23 01:36 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2015-11-01 08:49 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-11-01 08:49 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\IME
2015-11-01 08:49 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\Help
2015-11-01 08:49 - 2013-08-23 01:36 - 00000000 ____D C:\Program Files\Common Files\System
2015-11-01 08:49 - 2013-08-23 01:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-11-01 08:49 - 2012-08-02 11:24 - 00000000 ____D C:\ProgramData\PRICache
2015-11-01 06:01 - 2012-07-26 18:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2015-11-01 05:45 - 2015-10-24 00:36 - 00000000 ____D C:\Users\User\AppData\Roaming\Adobe
2015-11-01 05:44 - 2012-08-02 11:36 - 00000000 ____D C:\WINDOWS\Log

==================== Files in the root of some directories =======

2015-10-24 00:39 - 2015-12-01 19:26 - 0000062 _____ () C:\Users\User\AppData\Roaming\sp_data.sys
2015-11-01 08:37 - 2015-11-01 08:37 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-05-01 19:34 - 2012-09-07 21:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2013-05-01 19:34 - 2009-07-22 20:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2013-05-01 19:34 - 2012-09-07 21:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS

Some files in TEMP:
====================
C:\Users\User\AppData\Local\Temp\AAA9.tmp.exe
C:\Users\User\AppData\Local\Temp\dlLogic.exe
C:\Users\User\AppData\Local\Temp\Execute2App.exe
C:\Users\User\AppData\Local\Temp\McCSPInstall.dll
C:\Users\User\AppData\Local\Temp\mccspuninstall.exe
C:\Users\User\AppData\Local\Temp\msvcp90.dll
C:\Users\User\AppData\Local\Temp\msvcr90.dll
C:\Users\User\AppData\Local\Temp\offer-1D426CE6-4ADF-4824-B9B1-CC757D874643.exe
C:\Users\User\AppData\Local\Temp\spstub.exe
C:\Users\User\AppData\Local\Temp\sqlite3.dll
C:\Users\User\AppData\Local\Temp\Uninstall.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-29 16:04

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:30-11-2015
Ran by User (2015-12-01 19:57:29)
Running from C:\Users\User\Downloads
Windows 8.1 (X64) (2015-11-01 01:37:03)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4280450626-1930446922-540388392-500 - Administrator - Disabled)
Guest (S-1-5-21-4280450626-1930446922-540388392-501 - Limited - Disabled)
User (S-1-5-21-4280450626-1930446922-540388392-1001 - Administrator - Enabled) => C:\Users\User

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Internet Security (Enabled - Up to date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
AS: Kaspersky Internet Security (Enabled - Up to date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {8C27F4BD-7F99-4CD1-5651-D3EB97674300}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-4280450626-1930446922-540388392-1001\...\uTorrent) (Version: 3.4.5.41202 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20069 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.7 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.6 - ASUS)
ASUS Screen Saver (HKLM-x32\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.2 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.8 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0021 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5710.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.5710.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.311 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0031 - ASUS)
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Gummy Drop! (HKLM-x32\...\BFG-Gummy Drop!) (Version:  - )
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 16.0.0.614 - Kaspersky Lab) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4280450626-1930446922-540388392-1001\...\OneDriveSetup.exe) (Version: 17.3.6201.1019 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0 - Mozilla)
MyBitCast 2.0 (HKLM-x32\...\MyBitCast) (Version: 2.0 - ASUS)
Playthru Player (HKLM-x32\...\{83245CDF-A15E-49E9-BE6D-AC32E96FCE78}) (Version: 1.5.0.12 - Playthru Player)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.14.327.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6976 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C9661090-C134-46E8-90B2-76D72355C2A6}) (Version: 6.2.9200.27038 - Realtek Semiconductor Corp.)
Samsung Drive Manager (HKLM-x32\...\{9F1A6A24-4901-42F6-A355-5DD2B82E62AE}) (Version: 1.0.174 - Clarus, Inc.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.15075.2 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.15075.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.0.15104.7 - Samsung Electronics Co., Ltd.)
Smart Switch (x32 Version: 4.0.15104.7 - Samsung Electronics Co., Ltd.) Hidden
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.21.10.4584 - Enigma Software Group, LLC)
Windows Driver Package - ASUS (ATP) Mouse  (11/20/2013 1.0.0.194) (HKLM\...\8BA9C239ED04E09F06755E1497239BEFC08085C2) (Version: 11/20/2013 1.0.0.194 - ASUS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
影像中心 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
照片库 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4280450626-1930446922-540388392-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-4280450626-1930446922-540388392-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileCoAuth.exe (Microsoft Corporation)

==================== Restore Points =========================

15-11-2015 18:46:29 Windows Update
19-11-2015 19:38:01 Installed DirectX
22-11-2015 21:37:26 Windows Update
29-11-2015 15:05:34 Installed Extended Asian Language font pack for Adobe Acrobat Reader DC.
01-12-2015 17:00:48 Removed Extended Asian Language font pack for Adobe Acrobat Reader DC.

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 23:25 - 2013-08-22 23:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {002E7D41-B68C-4693-A484-0E0FB9DFAF0B} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2013-10-08] (ASUS)
Task: {0D72216C-4645-4D3D-B3CC-0CF4022BFCE4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-11] (Adobe Systems Incorporated)
Task: {122C36EE-41A1-48C6-9405-892483F468C9} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-12-13] (AsusTek)
Task: {1E78E299-C52B-4CC5-8C8D-E6F390171704} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-11-22] (Microsoft Corporation)
Task: {28D774F3-A9CB-42BC-A2FF-E393E8E2A4CF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-29] (Adobe Systems Incorporated)
Task: {4AE1ADDE-FEDD-4906-83DD-2C1A39A8770F} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86) [2015-12-01] ()
Task: {4F6019BB-0114-4778-9B75-4BCB6827DDE1} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2013-08-30] (ASUS)
Task: {532A1D89-B534-483D-AED6-A6DA0FB848CD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {62B1BB49-8D09-4731-9552-CC555E955E39} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86) [2015-12-01] ()
Task: {7F35D3E4-8FD8-4443-8AC7-F0B2EE7E1433} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-19] (ASUSTek Computer Inc.)
Task: {80B8EAF9-E815-4273-965F-38B008B16BC6} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-11-05] ()
Task: {92959BB2-6B0F-4426-A361-8A1289296E19} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-10-08] (ASUSTeK Computer Inc.)
Task: {9C574831-25EE-4194-8657-CFF3D4288D13} - \Better Updater -> No File <==== ATTENTION
Task: {A8271103-ECD9-4713-B53C-474AFF584EAA} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2013-11-28] ()
Task: {A98366C3-47A2-41DA-A2A1-B53916F3AD40} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-12-01] (Enigma Software Group USA, LLC.)
Task: {AE690392-5AC1-48E5-A8C0-423E21D5B473} - System32\Tasks\CLARUS_DRIVE_MANAGER\Clarus_Drive_Manager => C:\Program Files (x86)\Clarus\Samsung Drive Manager\Drive Manager.exe [2015-08-20] (Clarus, Inc.)
Task: {B220A2A9-AF72-436E-9B17-F07B2208E4B1} - System32\Tasks\ASUS InstantOn Config => C:\Program Files\ASUS\P4G\InsOnCfg.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-13 23:45 - 2015-10-13 23:45 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 23:45 - 2015-10-13 23:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-12-19 16:10 - 2012-12-19 16:10 - 00072192 _____ () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
2013-08-30 09:01 - 2013-08-30 09:01 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2013-10-02 06:02 - 2013-10-02 06:02 - 00094208 _____ () C:\Windows\system32\IccLibDll_x64.dll
2015-07-08 23:18 - 2015-07-08 23:18 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\kpcengine.2.3.dll
2015-11-29 20:50 - 2015-11-29 20:50 - 00086528 _____ () C:\Program Files (x86)\IT Viewer\mgwz.dll
2014-03-20 14:37 - 2012-06-26 03:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-10-09 13:41 - 2013-10-09 13:41 - 00037968 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2013-09-10 11:23 - 2013-09-10 11:23 - 00162816 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:036B81D9
AlternateDataStreams: C:\ProgramData\Temp:201C0C98
AlternateDataStreams: C:\ProgramData\Temp:2187A2BB
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:2DC3B66B
AlternateDataStreams: C:\ProgramData\Temp:4EE323A4
AlternateDataStreams: C:\ProgramData\Temp:6378B6B8
AlternateDataStreams: C:\ProgramData\Temp:77E927FC
AlternateDataStreams: C:\ProgramData\Temp:7929462F
AlternateDataStreams: C:\ProgramData\Temp:81013054
AlternateDataStreams: C:\ProgramData\Temp:8E916279
AlternateDataStreams: C:\ProgramData\Temp:AB4B1687
AlternateDataStreams: C:\ProgramData\Temp:DA886912
AlternateDataStreams: C:\ProgramData\Temp:E153075C
AlternateDataStreams: C:\ProgramData\Temp:FE26780F

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-4280450626-1930446922-540388392-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-4280450626-1930446922-540388392-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4280450626-1930446922-540388392-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ASUSPRP => "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
MSCONFIG\startupreg: ASUSWebStorage => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe /S
MSCONFIG\startupreg: DisableS3S4 => c:\windows\temp\DisableS3S464\sethigh.cmd
MSCONFIG\startupreg: HotKeysCmds => "C:\WINDOWS\system32\hkcmd.exe"
MSCONFIG\startupreg: IgfxTray => "C:\WINDOWS\system32\igfxtray.exe"
MSCONFIG\startupreg: mcpltui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: RemoteControl10 => "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
MSCONFIG\startupreg: RtHDVBg => "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX4
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
HKLM\...\StartupApproved\StartupFolder: => "Samsung Drive Manager Real-Time.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
HKU\S-1-5-21-4280450626-1930446922-540388392-1001\...\StartupApproved\Run: => "Playthru Player"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{1B34EBA8-F5F5-4E01-B6E1-7E839325C1B4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3E631784-4EBA-4E74-8FF9-A7B47EE4EE17}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5046F40D-27A8-4FEB-8EE4-C98952CF2A88}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{A8523DE5-EF2B-40C5-9B69-AA0587DA8A38}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{037906A0-EA0B-4353-8B10-388C0254F270}] => (Allow) LPort=1900
FirewallRules: [{4C85DDCB-8F3B-459E-8894-079FA992ABC1}] => (Allow) LPort=2869
FirewallRules: [{0C2C45C0-6122-4D6E-B66D-D1A6A4ACD5DB}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{53BA3BCF-E7D7-4513-8F4B-A84FC9A7543C}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2FED08C3-335F-4088-BFDC-8DF471D7605F}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9AE41AEE-9288-4FC4-94BF-D81867BFEF82}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E662C276-4250-4631-BCE2-9EE018819C8F}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6C282600-D749-4C93-B60A-162202C963C0}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8709BF5C-36D3-41C5-B8F8-822459AB3326}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4A46C9ED-5091-4FA5-8D8A-022AAF51ED59}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EF647150-544C-4D3D-88F9-2908750131C2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{45E9BB99-6C74-4538-A6AD-3CAA2FD25A64}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{917CCD95-FDBE-44CB-81AB-CCC1A7840DEA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{724A5C12-50AF-4284-A5F2-3653FCDD7997}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{EDCB5969-C492-4F93-9D35-97F5A0A753E2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D8FAFA43-0891-4EEE-867D-69B74CFD1225}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/01/2015 05:55:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GWXUX.exe, version: 6.3.9600.18064, time stamp: 0x56042d8f
Faulting module name: ntdll.dll, version: 6.3.9600.18007, time stamp: 0x55c4c16b
Exception code: 0xc0000005
Fault offset: 0x000000000003d86e
Faulting process id: 0x1304
Faulting application start time: 0xGWXUX.exe0
Faulting application path: GWXUX.exe1
Faulting module path: GWXUX.exe2
Report Id: GWXUX.exe3
Faulting package full name: GWXUX.exe4
Faulting package-relative application ID: GWXUX.exe5

Error: (12/01/2015 05:52:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15360

Error: (12/01/2015 05:52:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15360

Error: (12/01/2015 05:52:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/01/2015 04:55:25 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database

Error: (12/01/2015 04:37:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GWXUX.exe, version: 6.3.9600.18064, time stamp: 0x56042d8f
Faulting module name: ntdll.dll, version: 6.3.9600.18007, time stamp: 0x55c4c16b
Exception code: 0xc0000005
Fault offset: 0x000000000003d86e
Faulting process id: 0x1314
Faulting application start time: 0xGWXUX.exe0
Faulting application path: GWXUX.exe1
Faulting module path: GWXUX.exe2
Report Id: GWXUX.exe3
Faulting package full name: GWXUX.exe4
Faulting package-relative application ID: GWXUX.exe5

Error: (12/01/2015 01:30:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GWXUX.exe, version: 6.3.9600.18064, time stamp: 0x56042d8f
Faulting module name: ntdll.dll, version: 6.3.9600.18007, time stamp: 0x55c4c16b
Exception code: 0xc0000005
Fault offset: 0x000000000003d86e
Faulting process id: 0x141c
Faulting application start time: 0xGWXUX.exe0
Faulting application path: GWXUX.exe1
Faulting module path: GWXUX.exe2
Report Id: GWXUX.exe3
Faulting package full name: GWXUX.exe4
Faulting package-relative application ID: GWXUX.exe5

Error: (12/01/2015 01:04:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GWXUX.exe, version: 6.3.9600.18064, time stamp: 0x56042d8f
Faulting module name: ntdll.dll, version: 6.3.9600.18007, time stamp: 0x55c4c16b
Exception code: 0xc0000005
Fault offset: 0x000000000003d86e
Faulting process id: 0x1460
Faulting application start time: 0xGWXUX.exe0
Faulting application path: GWXUX.exe1
Faulting module path: GWXUX.exe2
Report Id: GWXUX.exe3
Faulting package full name: GWXUX.exe4
Faulting package-relative application ID: GWXUX.exe5

Error: (12/01/2015 00:54:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 46167485

Error: (12/01/2015 00:54:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 46167485


System errors:
=============
Error: (12/01/2015 07:18:09 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:14:41 PM on ‎12/‎1/‎2015 was unexpected.

Error: (12/01/2015 05:54:10 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (12/01/2015 05:54:41 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 5:16:29 PM on ‎12/‎1/‎2015 was unexpected.

Error: (12/01/2015 04:36:29 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:31:26 PM on ‎12/‎1/‎2015 was unexpected.

Error: (11/30/2015 07:27:53 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The File History Service service hung on starting.

Error: (11/30/2015 07:21:34 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Security Center service terminated with the following error:
%%1747

Error: (11/30/2015 06:46:57 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:20:59 AM on ‎11/‎30/‎2015 was unexpected.

Error: (11/30/2015 00:10:59 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The AFBAgent service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (11/29/2015 08:50:20 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The Privoxy (PrivoxyService) service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (11/29/2015 06:24:18 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4


==================== Memory info ===========================

Processor: Intel® Pentium® CPU 2117U @ 1.80GHz
Percentage of memory in use: 43%
Total physical RAM: 3981.73 MB
Available physical RAM: 2250.04 MB
Total Virtual: 4685.73 MB
Available Virtual: 2467.48 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:185.87 GB) (Free:135.72 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Data) (Fixed) (Total:258.34 GB) (Free:258.22 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 0FE4DC0A)

Partition: GPT.

==================== End of Addition.txt ============================


  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
Download the attached fixlist.txt to the same location as FRST
Run FRST and press Fix
A fix log will be generated please post that.  
 
 

 
Download : ADWCleaner to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer
 
NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.
 
Close  all programs, pause your anti-virus and run AdwCleaner ( right click and Run As Administrator).
 
scan-results.jpg
 
Click on Scan  and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus.  Close all browsers.
  • Run the tool by right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
 
 
 
 
Run FRST again, check the Additions box and then Scan.  You will get two logs.  Post them both.
 
Did we get it?

  • 0

#3
debbiemack

debbiemack

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts

Thank you!

 

# AdwCleaner v5.018 - Logfile created 07/11/2015 at 12:02:17
# Updated 05/11/2015 by Xplode
# Database : 2015-11-03.2 [Server]
# Operating system : Windows 8.1  (x64)
# Username : User - DEFAULT-PC
# Running from : C:\Users\User\Downloads\adwcleaner_5.018.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

Service Found : CltMngSvc
Service Found : Orbiter
Service Found : SPPD

***** [ Folders ] *****

Folder Found : C:\Program Files (x86)\SearchProtect
Folder Found : C:\Program Files (x86)\ORBTR
Folder Found : C:\Program Files (x86)\myfree codec
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Folder Found : C:\Users\User\AppData\Local\SearchProtect
Folder Found : C:\Users\User\AppData\Local\bvxvgxvyy
Folder Found : C:\Users\User\AppData\Roaming\InetStat
Folder Found : C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InetStat
Folder Found : C:\WINDOWS\SysNative\Tasks\bvxvgxvyy

***** [ Files ] *****

File Found : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\30hyqpg7.default\searchplugins\trovi.xml
File Found : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\30hyqpg7.default\searchplugins\bing-lavasoft.xml
File Found : C:\WINDOWS\apppatch\apppatch64\vcldr64.dll
File Found : C:\WINDOWS\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
File Found : C:\WINDOWS\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb
File Found : C:\WINDOWS\AppPatch\nbin\VC32Loader.dll

***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

Task Found : bvxvgxvyy

***** [ Registry ] *****

Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [InetStat]
Key Found : HKCU\Software\Classes\Applications\inetstat.exe
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Itibiti.exe]
Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : HKCU\Software\InetStat
Key Found : HKCU\Software\Myfree Codec
Key Found : HKCU\Software\SearchProtect
Key Found : HKLM\SOFTWARE\Myfree Codec
Key Found : HKLM\SOFTWARE\SearchProtect
Key Found : HKLM\SOFTWARE\ORBTR
Key Found : HKLM\SOFTWARE\SPPDCOM
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\InetStat
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Data Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll

***** [ Web browsers ] *****

[C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\30hyqpg7.default\prefs.js] [Preference] Found : user_pref("browser.newtab.url", "hxxp://www.bing.com/?pc=COSP&ptag=D110215-A880FF2AB0987464788F&form=CONMHP&conlogo=CT3332041");

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3986 bytes] ##########
# AdwCleaner v5.018 - Logfile created 07/11/2015 at 12:02:17
# Updated 05/11/2015 by Xplode
# Database : 2015-11-03.2 [Server]
# Operating system : Windows 8.1  (x64)
# Username : User - DEFAULT-PC
# Running from : C:\Users\User\Downloads\adwcleaner_5.018.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

Service Found : CltMngSvc
Service Found : Orbiter
Service Found : SPPD

***** [ Folders ] *****

Folder Found : C:\Program Files (x86)\SearchProtect
Folder Found : C:\Program Files (x86)\ORBTR
Folder Found : C:\Program Files (x86)\myfree codec
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Folder Found : C:\Users\User\AppData\Local\SearchProtect
Folder Found : C:\Users\User\AppData\Local\bvxvgxvyy
Folder Found : C:\Users\User\AppData\Roaming\InetStat
Folder Found : C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InetStat
Folder Found : C:\WINDOWS\SysNative\Tasks\bvxvgxvyy

***** [ Files ] *****

File Found : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\30hyqpg7.default\searchplugins\trovi.xml
File Found : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\30hyqpg7.default\searchplugins\bing-lavasoft.xml
File Found : C:\WINDOWS\apppatch\apppatch64\vcldr64.dll
File Found : C:\WINDOWS\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
File Found : C:\WINDOWS\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb
File Found : C:\WINDOWS\AppPatch\nbin\VC32Loader.dll

***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

Task Found : bvxvgxvyy

***** [ Registry ] *****

Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [InetStat]
Key Found : HKCU\Software\Classes\Applications\inetstat.exe
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Itibiti.exe]
Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : HKCU\Software\InetStat
Key Found : HKCU\Software\Myfree Codec
Key Found : HKCU\Software\SearchProtect
Key Found : HKLM\SOFTWARE\Myfree Codec
Key Found : HKLM\SOFTWARE\SearchProtect
Key Found : HKLM\SOFTWARE\ORBTR
Key Found : HKLM\SOFTWARE\SPPDCOM
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\InetStat
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Data Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll

***** [ Web browsers ] *****

[C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\30hyqpg7.default\prefs.js] [Preference] Found : user_pref("browser.newtab.url", "hxxp://www.bing.com/?pc=COSP&ptag=D110215-A880FF2AB0987464788F&form=CONMHP&conlogo=CT3332041");

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3986 bytes] ##########

# AdwCleaner v5.018 - Logfile created 07/11/2015 at 12:02:17
# Updated 05/11/2015 by Xplode
# Database : 2015-11-03.2 [Server]
# Operating system : Windows 8.1  (x64)
# Username : User - DEFAULT-PC
# Running from : C:\Users\User\Downloads\adwcleaner_5.018.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

Service Found : CltMngSvc
Service Found : Orbiter
Service Found : SPPD

***** [ Folders ] *****

Folder Found : C:\Program Files (x86)\SearchProtect
Folder Found : C:\Program Files (x86)\ORBTR
Folder Found : C:\Program Files (x86)\myfree codec
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Folder Found : C:\Users\User\AppData\Local\SearchProtect
Folder Found : C:\Users\User\AppData\Local\bvxvgxvyy
Folder Found : C:\Users\User\AppData\Roaming\InetStat
Folder Found : C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InetStat
Folder Found : C:\WINDOWS\SysNative\Tasks\bvxvgxvyy

***** [ Files ] *****

File Found : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\30hyqpg7.default\searchplugins\trovi.xml
File Found : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\30hyqpg7.default\searchplugins\bing-lavasoft.xml
File Found : C:\WINDOWS\apppatch\apppatch64\vcldr64.dll
File Found : C:\WINDOWS\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
File Found : C:\WINDOWS\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb
File Found : C:\WINDOWS\AppPatch\nbin\VC32Loader.dll

***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

Task Found : bvxvgxvyy

***** [ Registry ] *****

Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [InetStat]
Key Found : HKCU\Software\Classes\Applications\inetstat.exe
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Itibiti.exe]
Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : HKCU\Software\InetStat
Key Found : HKCU\Software\Myfree Codec
Key Found : HKCU\Software\SearchProtect
Key Found : HKLM\SOFTWARE\Myfree Codec
Key Found : HKLM\SOFTWARE\SearchProtect
Key Found : HKLM\SOFTWARE\ORBTR
Key Found : HKLM\SOFTWARE\SPPDCOM
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\InetStat
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Data Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll

***** [ Web browsers ] *****

[C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\30hyqpg7.default\prefs.js] [Preference] Found : user_pref("browser.newtab.url", "hxxp://www.bing.com/?pc=COSP&ptag=D110215-A880FF2AB0987464788F&form=CONMHP&conlogo=CT3332041");

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3986 bytes] ##########
# AdwCleaner v5.018 - Logfile created 07/11/2015 at 12:02:17
# Updated 05/11/2015 by Xplode
# Database : 2015-11-03.2 [Server]
# Operating system : Windows 8.1  (x64)
# Username : User - DEFAULT-PC
# Running from : C:\Users\User\Downloads\adwcleaner_5.018.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

Service Found : CltMngSvc
Service Found : Orbiter
Service Found : SPPD

***** [ Folders ] *****

Folder Found : C:\Program Files (x86)\SearchProtect
Folder Found : C:\Program Files (x86)\ORBTR
Folder Found : C:\Program Files (x86)\myfree codec
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Folder Found : C:\Users\User\AppData\Local\SearchProtect
Folder Found : C:\Users\User\AppData\Local\bvxvgxvyy
Folder Found : C:\Users\User\AppData\Roaming\InetStat
Folder Found : C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InetStat
Folder Found : C:\WINDOWS\SysNative\Tasks\bvxvgxvyy

***** [ Files ] *****

File Found : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\30hyqpg7.default\searchplugins\trovi.xml
File Found : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\30hyqpg7.default\searchplugins\bing-lavasoft.xml
File Found : C:\WINDOWS\apppatch\apppatch64\vcldr64.dll
File Found : C:\WINDOWS\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
File Found : C:\WINDOWS\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb
File Found : C:\WINDOWS\AppPatch\nbin\VC32Loader.dll

***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

Task Found : bvxvgxvyy

***** [ Registry ] *****

Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [InetStat]
Key Found : HKCU\Software\Classes\Applications\inetstat.exe
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Itibiti.exe]
Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : HKCU\Software\InetStat
Key Found : HKCU\Software\Myfree Codec
Key Found : HKCU\Software\SearchProtect
Key Found : HKLM\SOFTWARE\Myfree Codec
Key Found : HKLM\SOFTWARE\SearchProtect
Key Found : HKLM\SOFTWARE\ORBTR
Key Found : HKLM\SOFTWARE\SPPDCOM
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\InetStat
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Data Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll

***** [ Web browsers ] *****

[C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\30hyqpg7.default\prefs.js] [Preference] Found : user_pref("browser.newtab.url", "hxxp://www.bing.com/?pc=COSP&ptag=D110215-A880FF2AB0987464788F&form=CONMHP&conlogo=CT3332041");

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3986 bytes] ##########


# AdwCleaner v5.018 - Logfile created 07/11/2015 at 12:02:17
# Updated 05/11/2015 by Xplode
# Database : 2015-11-03.2 [Server]
# Operating system : Windows 8.1  (x64)
# Username : User - DEFAULT-PC
# Running from : C:\Users\User\Downloads\adwcleaner_5.018.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

Service Found : CltMngSvc
Service Found : Orbiter
Service Found : SPPD

***** [ Folders ] *****

Folder Found : C:\Program Files (x86)\SearchProtect
Folder Found : C:\Program Files (x86)\ORBTR
Folder Found : C:\Program Files (x86)\myfree codec
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Folder Found : C:\Users\User\AppData\Local\SearchProtect
Folder Found : C:\Users\User\AppData\Local\bvxvgxvyy
Folder Found : C:\Users\User\AppData\Roaming\InetStat
Folder Found : C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InetStat
Folder Found : C:\WINDOWS\SysNative\Tasks\bvxvgxvyy

***** [ Files ] *****

File Found : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\30hyqpg7.default\searchplugins\trovi.xml
File Found : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\30hyqpg7.default\searchplugins\bing-lavasoft.xml
File Found : C:\WINDOWS\apppatch\apppatch64\vcldr64.dll
File Found : C:\WINDOWS\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
File Found : C:\WINDOWS\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb
File Found : C:\WINDOWS\AppPatch\nbin\VC32Loader.dll

***** [ DLL ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

Task Found : bvxvgxvyy

***** [ Registry ] *****

Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [InetStat]
Key Found : HKCU\Software\Classes\Applications\inetstat.exe
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Itibiti.exe]
Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : HKCU\Software\InetStat
Key Found : HKCU\Software\Myfree Codec
Key Found : HKCU\Software\SearchProtect
Key Found : HKLM\SOFTWARE\Myfree Codec
Key Found : HKLM\SOFTWARE\SearchProtect
Key Found : HKLM\SOFTWARE\ORBTR
Key Found : HKLM\SOFTWARE\SPPDCOM
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\InetStat
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{015DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Data Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] - {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll

***** [ Web browsers ] *****

[C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\30hyqpg7.default\prefs.js] [Preference] Found : user_pref("browser.newtab.url", "hxxp://www.bing.com/?pc=COSP&ptag=D110215-A880FF2AB0987464788F&form=CONMHP&conlogo=CT3332041");

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3986 bytes] ##########

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-11-2015
Ran by User (administrator) on DEFAULT-PC (02-12-2015 12:29:27)
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available Profiles: User)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Clarus, Inc.) C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avpui.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnSrv.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\User\Downloads\FRST64(2).exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-07-27] (Samsung Electronics Co., Ltd.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileSyncShell64.dll [2015-11-01] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileSyncShell64.dll [2015-11-01] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileSyncShell64.dll [2015-11-01] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll [2012-09-27] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileSyncShell.dll [2015-11-01] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileSyncShell.dll [2015-11-01] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileSyncShell.dll [2015-11-01] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Drive Manager Real-Time.lnk [2015-11-01]
ShortcutTarget: Samsung Drive Manager Real-Time.lnk -> C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe (Clarus, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{13F90941-AB00-490E-A410-6A79564452C0}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4280450626-1930446922-540388392-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKU\S-1-5-21-4280450626-1930446922-540388392-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-11-10] (AO Kaspersky Lab)
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2015-11-10] (AO Kaspersky Lab)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-11-10] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2015-11-10] (AO Kaspersky Lab)

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\30hyqpg7.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-11] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-11] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-09] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-13] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-10-01] (Adobe Systems Inc.)
FF Extension: Adblock Plus Pop-up Addon - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\30hyqpg7.default\extensions\[email protected] [2015-11-02]
FF Extension: No Name - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [not found]
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox [2015-11-10] [not signed]
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox [2015-11-10] [not signed]
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox [2015-11-10] [not signed]
FF Extension: Facebook™ Disconnect - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\30hyqpg7.default\Extensions\[email protected] [2015-11-01]
FF Extension: Privacy Settings - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\30hyqpg7.default\Extensions\[email protected] [2015-11-13]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-08] (Apple Inc.)
R3 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-08-30] (ASUS)
R3 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [File not signed]
R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe [194000 2015-11-10] (Kaspersky Lab ZAO)
R3 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-28] (Intel Corporation)
R3 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-26] (Intel Corporation)
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1045376 2015-12-01] (Enigma Software Group USA, LLC.)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-21] (DEVGURU Co., LTD.)
R2 SZDrvSvc; C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe [18432 2015-08-20] (Clarus, Inc.) [File not signed]
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-11-01] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-11-01] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [70928 2013-12-13] (ASUS Corporation)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2015-12-01] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-12-01] ()
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-02] ( )
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70512 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [68280 2015-06-06] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [30328 2015-06-24] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [181640 2015-11-10] (AO Kaspersky Lab)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [227512 2015-11-10] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [925064 2015-11-10] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [39608 2015-06-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [41656 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2015-11-10] (AO Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [87944 2015-11-10] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [102584 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
R3 mdf16; C:\Program Files (x86)\Clarus\Samsung Drive Manager\mdf16.sys [20400 2012-06-22] ()
R3 mvd23; C:\Program Files (x86)\Clarus\Samsung Drive Manager\mvd23.sys [99248 2012-06-22] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-11-01] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-11-01] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-11-01] (Microsoft Corporation)
U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-02 12:27 - 2015-12-02 12:27 - 00000774 _____ C:\Users\User\Downloads\JRT.txt
2015-12-02 12:27 - 2015-12-02 12:27 - 00000774 _____ C:\Users\User\Desktop\JRT.txt
2015-12-02 12:24 - 2015-12-02 12:24 - 01599336 _____ (Malwarebytes) C:\Users\User\Downloads\JRT.exe
2015-12-02 12:13 - 2015-12-02 12:13 - 01736704 _____ C:\Users\User\Downloads\AdwCleaner.exe
2015-12-02 12:04 - 2015-12-02 12:10 - 00004307 _____ C:\Users\User\Downloads\Fixlog.txt
2015-12-01 19:35 - 2015-12-01 19:35 - 00001413 _____ C:\Users\User\Desktop\FRST64(2).exe - Shortcut.lnk
2015-12-01 19:34 - 2015-12-01 19:34 - 02350080 _____ (Farbar) C:\Users\User\Downloads\FRST64(2).exe
2015-12-01 19:14 - 2015-12-01 19:14 - 00024636 _____ C:\Users\User\Downloads\aswMBR.txt
2015-12-01 19:14 - 2015-12-01 19:14 - 00000512 _____ C:\Users\User\Downloads\MBR.dat
2015-12-01 19:11 - 2015-12-01 19:11 - 05200384 _____ (AVAST Software) C:\Users\User\Downloads\aswmbr(1).exe
2015-12-01 19:09 - 2015-12-01 19:09 - 05200384 _____ (AVAST Software) C:\Users\User\Downloads\aswmbr.exe
2015-12-01 19:02 - 2015-12-01 20:14 - 00026217 _____ C:\Users\User\Downloads\Addition.txt
2015-12-01 19:00 - 2015-12-02 12:29 - 00014457 _____ C:\Users\User\Downloads\FRST.txt
2015-12-01 18:59 - 2015-12-02 12:29 - 00000000 ____D C:\FRST
2015-12-01 18:59 - 2015-12-01 18:59 - 02350080 _____ (Farbar) C:\Users\User\Downloads\FRST64(1).exe
2015-12-01 18:57 - 2015-12-01 18:57 - 02350080 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2015-12-01 18:11 - 2015-12-01 18:11 - 00000000 ____D C:\Users\User\AppData\Roaming\Enigma Software Group
2015-12-01 18:11 - 2015-12-01 18:11 - 00000000 _____ C:\autoexec.bat
2015-12-01 18:10 - 2015-12-01 18:11 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2015-12-01 18:10 - 2015-12-01 18:10 - 00022704 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
2015-12-01 18:10 - 2015-12-01 18:10 - 00003326 _____ C:\WINDOWS\System32\Tasks\SpyHunter4Startup
2015-12-01 18:10 - 2015-12-01 18:10 - 00001105 _____ C:\Users\User\Desktop\SpyHunter.lnk
2015-12-01 18:10 - 2015-12-01 18:10 - 00000000 ____D C:\sh4ldr
2015-12-01 18:10 - 2015-12-01 18:10 - 00000000 ____D C:\Program Files\Enigma Software Group
2015-12-01 18:09 - 2015-12-01 18:09 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\User\Downloads\SpyHunter-Installer.exe
2015-12-01 17:02 - 2015-12-01 17:03 - 00003815 _____ C:\WINDOWS\Green Valley Fun on the Farm Uninstall Log.txt
2015-12-01 13:32 - 2015-12-01 13:32 - 00000000 ____D C:\Users\User\AppData\Local\Clarus
2015-11-30 19:33 - 2015-11-30 19:33 - 00000000 ____D C:\Users\User\AppData\LocalLow\uTorrent
2015-11-29 20:50 - 2015-11-30 19:12 - 00000000 ____D C:\Users\User\AppData\Roaming\Better Updater
2015-11-29 14:55 - 2015-11-29 14:56 - 55412736 _____ C:\Users\User\Downloads\FontPack1500720033_XtdAlf_Lang_DC.msi
2015-11-29 14:54 - 2015-11-29 14:54 - 00083441 _____ C:\Users\User\Downloads\Richard Henry McKavanagh(1).pdf
2015-11-29 14:48 - 2015-11-29 14:49 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-29 14:48 - 2015-11-29 14:48 - 00002069 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-11-28 19:10 - 2015-11-28 19:10 - 00000000 ____D C:\ProgramData\Intenium
2015-11-28 19:09 - 2015-11-28 19:09 - 00009027 _____ C:\WINDOWS\Green Valley Fun on the Farm Setup Log.txt
2015-11-28 19:09 - 2015-11-28 19:09 - 00000000 ____D C:\WINDOWS\Green Valley Fun on the Farm
2015-11-27 21:05 - 2015-11-27 21:05 - 00000000 ____D C:\Users\User\AppData\Roaming\8floor
2015-11-26 21:21 - 2015-11-26 21:21 - 00000000 ____D C:\Users\User\AppData\Roaming\BlamGames
2015-11-24 20:56 - 2015-11-24 20:56 - 00000000 ____D C:\Users\User\AppData\Roaming\Eipix
2015-11-24 18:09 - 2015-11-24 18:10 - 01426493 _____ C:\Users\User\Downloads\What is Paleo
2015-11-23 23:10 - 2015-11-23 23:10 - 00000000 ____D C:\ProgramData\Clarus
2015-11-23 21:06 - 2015-11-23 21:06 - 00000000 ____D C:\Users\User\AppData\Roaming\ERS G-Studio
2015-11-21 19:22 - 2015-11-21 19:22 - 00000000 ____D C:\Users\User\AppData\Roaming\Casual Arts
2015-11-21 19:20 - 2015-12-01 17:06 - 00000000 ____D C:\Program Files (x86)\Vacation Adventures - Cruise Director 2
2015-11-19 19:44 - 2015-11-19 19:44 - 00000000 ____D C:\Users\User\AppData\Local\Namco
2015-11-19 19:40 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_7.dll
2015-11-19 19:40 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_7.dll
2015-11-19 19:40 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll
2015-11-19 19:40 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_43.dll
2015-11-19 19:40 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll
2015-11-19 19:40 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_43.dll
2015-11-19 19:40 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll
2015-11-19 19:40 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_43.dll
2015-11-19 19:40 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_6.dll
2015-11-19 19:40 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_6.dll
2015-11-19 19:40 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_6.dll
2015-11-19 19:40 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_6.dll
2015-11-19 19:40 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_4.dll
2015-11-19 19:40 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_4.dll
2015-11-19 19:40 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_7.dll
2015-11-19 19:40 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_7.dll
2015-11-19 19:40 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_5.dll
2015-11-19 19:40 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_5.dll
2015-11-19 19:40 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_5.dll
2015-11-19 19:40 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_5.dll
2015-11-19 19:40 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_3.dll
2015-11-19 19:40 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_3.dll
2015-11-19 19:40 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_42.dll
2015-11-19 19:40 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_42.dll
2015-11-19 19:40 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_42.dll
2015-11-19 19:40 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_42.dll
2015-11-19 19:40 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_42.dll
2015-11-19 19:40 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_42.dll
2015-11-19 19:40 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_42.dll
2015-11-19 19:40 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_42.dll
2015-11-19 19:40 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_4.dll
2015-11-19 19:40 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_4.dll
2015-11-19 19:40 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_4.dll
2015-11-19 19:40 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_4.dll
2015-11-19 19:40 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_6.dll
2015-11-19 19:40 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_6.dll
2015-11-19 19:40 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_41.dll
2015-11-19 19:40 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_41.dll
2015-11-19 19:40 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_41.dll
2015-11-19 19:40 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_41.dll
2015-11-19 19:40 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_3.dll
2015-11-19 19:40 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_3.dll
2015-11-19 19:40 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_3.dll
2015-11-19 19:40 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_3.dll
2015-11-19 19:40 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_2.dll
2015-11-19 19:40 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_2.dll
2015-11-19 19:40 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_5.dll
2015-11-19 19:40 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_5.dll
2015-11-19 19:40 - 2008-10-10 04:52 - 05631312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_40.dll
2015-11-19 19:40 - 2008-10-10 04:52 - 04379984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_40.dll
2015-11-19 19:40 - 2008-10-10 04:52 - 02605920 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_40.dll
2015-11-19 19:40 - 2008-10-10 04:52 - 02036576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_40.dll
2015-11-19 19:40 - 2008-10-10 04:52 - 00519000 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_40.dll
2015-11-19 19:40 - 2008-10-10 04:52 - 00452440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_40.dll
2015-11-19 19:40 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_2.dll
2015-11-19 19:40 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_2.dll
2015-11-19 19:40 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_1.dll
2015-11-19 19:40 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_1.dll
2015-11-19 19:40 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_2.dll
2015-11-19 19:40 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_2.dll
2015-11-19 19:40 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll
2015-11-19 19:40 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_39.dll
2015-11-19 19:40 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll
2015-11-19 19:40 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_39.dll
2015-11-19 19:40 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll
2015-11-19 19:40 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_39.dll
2015-11-19 19:40 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_1.dll
2015-11-19 19:40 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_1.dll
2015-11-19 19:40 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_1.dll
2015-11-19 19:40 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_1.dll
2015-11-19 19:40 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_0.dll
2015-11-19 19:40 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_0.dll
2015-11-19 19:40 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_4.dll
2015-11-19 19:40 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_4.dll
2015-11-19 19:40 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_38.dll
2015-11-19 19:40 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_38.dll
2015-11-19 19:40 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_38.dll
2015-11-19 19:40 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_38.dll
2015-11-19 19:40 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_38.dll
2015-11-19 19:40 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_38.dll
2015-11-19 19:40 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_0.dll
2015-11-19 19:40 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_0.dll
2015-11-19 19:40 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_0.dll
2015-11-19 19:40 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_0.dll
2015-11-19 19:40 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_3.dll
2015-11-19 19:40 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_3.dll
2015-11-19 19:40 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_37.dll
2015-11-19 19:40 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_37.dll
2015-11-19 19:40 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_37.dll
2015-11-19 19:40 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_37.dll
2015-11-19 19:40 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_37.dll
2015-11-19 19:40 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_37.dll
2015-11-19 19:40 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_10.dll
2015-11-19 19:40 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_10.dll
2015-11-19 19:40 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_2.dll
2015-11-19 19:40 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_2.dll
2015-11-19 19:40 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_36.dll
2015-11-19 19:40 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_36.dll
2015-11-19 19:40 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_36.dll
2015-11-19 19:40 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_36.dll
2015-11-19 19:40 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_36.dll
2015-11-19 19:40 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_36.dll
2015-11-19 19:40 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_9.dll
2015-11-19 19:40 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_9.dll
2015-11-19 19:40 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_35.dll
2015-11-19 19:40 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_35.dll
2015-11-19 19:40 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_35.dll
2015-11-19 19:40 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_35.dll
2015-11-19 19:40 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_35.dll
2015-11-19 19:40 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_35.dll
2015-11-19 19:40 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_8.dll
2015-11-19 19:40 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_8.dll
2015-11-19 19:40 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_34.dll
2015-11-19 19:40 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_34.dll
2015-11-19 19:40 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_34.dll
2015-11-19 19:40 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_34.dll
2015-11-19 19:40 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_34.dll
2015-11-19 19:40 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_34.dll
2015-11-19 19:40 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_7.dll
2015-11-19 19:40 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_7.dll
2015-11-19 19:40 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_3.dll
2015-11-19 19:40 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_3.dll
2015-11-19 19:40 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_33.dll
2015-11-19 19:40 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_33.dll
2015-11-19 19:40 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_33.dll
2015-11-19 19:40 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_33.dll
2015-11-19 19:40 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_33.dll
2015-11-19 19:40 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_33.dll
2015-11-19 19:40 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_1.dll
2015-11-19 19:40 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_1.dll
2015-11-19 19:40 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_6.dll
2015-11-19 19:40 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_6.dll
2015-11-19 19:40 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_5.dll
2015-11-19 19:40 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_5.dll
2015-11-19 19:40 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10.dll
2015-11-19 19:40 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10.dll
2015-11-19 19:40 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_31.dll
2015-11-19 19:40 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_31.dll
2015-11-19 19:40 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_4.dll
2015-11-19 19:40 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_4.dll
2015-11-19 19:40 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_2.dll
2015-11-19 19:40 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_3.dll
2015-11-19 19:40 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_3.dll
2015-11-19 19:40 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_2.dll
2015-11-19 19:40 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_2.dll
2015-11-19 19:40 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_2.dll
2015-11-19 19:40 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_30.dll
2015-11-19 19:40 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_30.dll
2015-11-19 19:40 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_1.dll
2015-11-19 19:40 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_1.dll
2015-11-19 19:40 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_1.dll
2015-11-19 19:40 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_1.dll
2015-11-19 19:40 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_29.dll
2015-11-19 19:40 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_29.dll
2015-11-19 19:40 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_0.dll
2015-11-19 19:40 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_0.dll
2015-11-19 19:40 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_0.dll
2015-11-19 19:40 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_0.dll
2015-11-19 19:40 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_28.dll
2015-11-19 19:40 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_28.dll
2015-11-19 19:39 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_27.dll
2015-11-19 19:39 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_27.dll
2015-11-19 19:39 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_26.dll
2015-11-19 19:39 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_26.dll
2015-11-19 19:39 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_25.dll
2015-11-19 19:39 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_25.dll
2015-11-19 19:39 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_24.dll
2015-11-19 19:39 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_24.dll
2015-11-19 19:35 - 2015-11-19 19:41 - 00000000 ____D C:\WINDOWS\SysWOW64\directx
2015-11-16 22:16 - 2015-11-16 22:28 - 00000000 ____D C:\Users\User\Documents\Audiobooks
2015-11-16 19:50 - 2015-11-16 19:50 - 00000000 ____D C:\ProgramData\ZombieJewel
2015-11-16 13:08 - 2015-11-16 13:09 - 00003294 _____ C:\WINDOWS\BRPARAM.INI
2015-11-16 13:08 - 2015-11-16 13:08 - 00000000 ____D C:\ProgramData\Brother
2015-11-16 13:05 - 2015-11-16 13:09 - 00000000 ____D C:\Users\User\Documents\Fax
2015-11-16 13:05 - 2015-11-16 13:05 - 00000000 ___RD C:\Users\User\Documents\Scanned Documents
2015-11-16 12:56 - 2015-11-16 12:56 - 00204309 _____ C:\Users\User\Downloads\order-44441.pdf
2015-11-15 21:20 - 2015-11-15 21:20 - 00000000 ____D C:\Users\User\AppData\Local\JollyBear
2015-11-15 21:20 - 2015-11-15 21:20 - 00000000 ____D C:\ProgramData\JollyBear
2015-11-14 19:43 - 2015-11-14 19:43 - 00321718 _____ C:\Users\User\Downloads\Gordon Roy Spencer 1951.pdf
2015-11-14 19:42 - 2015-11-14 19:42 - 00315917 _____ C:\Users\User\Downloads\document(15).pdf
2015-11-13 20:18 - 2015-11-13 20:18 - 00000000 ____D C:\Users\User\AppData\Roaming\HomeMakeover
2015-11-13 19:17 - 2015-11-13 19:17 - 00000000 ____D C:\Users\User\AppData\Local\fantasy_mosaics_10
2015-11-13 12:40 - 2015-11-13 12:40 - 00020367 _____ C:\Users\User\Downloads\12689_20151108.pdf
2015-11-12 23:45 - 2015-11-12 23:45 - 00161618 _____ C:\Users\User\Downloads\Obituary Mr WHF Zimmermann 2 Dec 1932.pdf
2015-11-12 23:44 - 2015-11-12 23:45 - 00156045 _____ C:\Users\User\Downloads\document(14).pdf
2015-11-12 23:34 - 2015-11-12 23:34 - 00083441 _____ C:\Users\User\Downloads\Richard Henry McKavanagh.pdf
2015-11-12 23:33 - 2015-11-12 23:33 - 00079367 _____ C:\Users\User\Downloads\document(13).pdf
2015-11-12 23:21 - 2015-11-12 23:21 - 00541853 _____ C:\Users\User\Downloads\John Francis McKavanagh man freed on murder charge 7 July 1947.pdf
2015-11-12 23:21 - 2015-11-12 23:21 - 00536251 _____ C:\Users\User\Downloads\document(12).pdf
2015-11-12 23:09 - 2015-11-12 23:09 - 00955254 _____ C:\Users\User\Downloads\John Francis McKavanagh 2 June 1947 murder trial.pdf
2015-11-12 23:08 - 2015-11-12 23:08 - 00949483 _____ C:\Users\User\Downloads\document(11).pdf
2015-11-12 22:47 - 2015-11-12 22:47 - 00041789 _____ C:\Users\User\Downloads\Thomas McKavanagh death 1897.pdf
2015-11-12 22:47 - 2015-11-12 22:47 - 00037376 _____ C:\Users\User\Downloads\document(10).pdf
2015-11-12 22:43 - 2015-11-12 22:43 - 00203265 _____ C:\Users\User\Downloads\John Francis McKavanagh man charged with murder.pdf
2015-11-12 22:42 - 2015-11-12 22:42 - 00197668 _____ C:\Users\User\Downloads\document(9).pdf
2015-11-12 22:36 - 2015-11-12 22:36 - 00141549 _____ C:\Users\User\Downloads\John Patrick McKavanagh death 1939.pdf
2015-11-12 22:35 - 2015-11-12 22:35 - 00136015 _____ C:\Users\User\Downloads\document(8).pdf
2015-11-12 22:27 - 2015-11-12 22:27 - 00125219 _____ C:\Users\User\Downloads\John Francis McKavanagh 1935 man convicted for nose frature.pdf
2015-11-12 22:26 - 2015-11-12 22:26 - 00119535 _____ C:\Users\User\Downloads\document(7).pdf
2015-11-12 22:18 - 2015-11-12 22:18 - 00067372 _____ C:\Users\User\Downloads\John Patrick McKavanagh accident 1909.pdf
2015-11-12 22:17 - 2015-11-12 22:17 - 00062976 _____ C:\Users\User\Downloads\document(6).pdf
2015-11-12 22:14 - 2015-11-12 22:14 - 00053283 _____ C:\Users\User\Downloads\John Patrick McKavanagh probate.pdf
2015-11-12 22:13 - 2015-11-12 22:13 - 00049216 _____ C:\Users\User\Downloads\document(5).pdf
2015-11-12 22:10 - 2015-11-12 22:10 - 00071612 _____ C:\Users\User\Downloads\John Francis McKavanagh  nose fractured 1935.pdf
2015-11-12 22:10 - 2015-11-12 22:10 - 00067228 _____ C:\Users\User\Downloads\document(4).pdf
2015-11-12 22:03 - 2015-11-12 22:03 - 00178005 _____ C:\Users\User\Downloads\John Francis McKavanagh murder trial.pdf
2015-11-12 22:02 - 2015-11-12 22:02 - 00172287 _____ C:\Users\User\Downloads\document(3).pdf
2015-11-12 21:58 - 2015-11-12 21:58 - 00122224 _____ C:\Users\User\Downloads\John Francis McKavanagh murder.pdf
2015-11-12 21:57 - 2015-11-12 21:57 - 00117808 _____ C:\Users\User\Downloads\document(2).pdf
2015-11-12 21:10 - 2015-11-12 21:10 - 01717948 _____ C:\Users\User\Downloads\John Shuttler Irish death Notice 1953.pdf
2015-11-12 21:09 - 2015-11-12 21:09 - 01711585 _____ C:\Users\User\Downloads\document(1).pdf
2015-11-11 21:06 - 2015-11-11 21:06 - 00654819 _____ C:\Users\User\Downloads\McKavanagh Green Wedding 19 July 1947.pdf
2015-11-11 21:03 - 2015-11-11 21:04 - 55334400 _____ C:\Users\User\Downloads\FontPack11009_XtdAlf_Lang.msi
2015-11-11 21:02 - 2015-11-11 21:02 - 00649113 _____ C:\Users\User\Downloads\document.pdf
2015-11-11 15:39 - 2015-10-21 07:54 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-11-11 15:39 - 2015-10-21 00:53 - 03705856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-11-11 15:39 - 2015-10-21 00:36 - 02243072 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-11-11 15:39 - 2015-10-21 00:35 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-11-11 15:39 - 2015-10-21 00:34 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-11-11 15:39 - 2015-10-21 00:34 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-11-11 15:39 - 2015-10-21 00:34 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-11-11 15:39 - 2015-10-21 00:33 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-11-11 15:39 - 2015-10-21 00:14 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-11-11 15:39 - 2015-10-21 00:13 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-11-11 15:39 - 2015-10-21 00:13 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-11-11 15:39 - 2015-10-21 00:13 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-11-11 15:38 - 2015-10-31 09:46 - 25818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-11-11 15:38 - 2015-10-31 09:25 - 02886656 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-11-11 15:38 - 2015-10-31 09:24 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-11-11 15:38 - 2015-10-31 09:11 - 05990912 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-11-11 15:38 - 2015-10-31 09:11 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-11-11 15:38 - 2015-10-31 08:52 - 20331520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-11-11 15:38 - 2015-10-31 08:47 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-11-11 15:38 - 2015-10-31 08:42 - 02279936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-11-11 15:38 - 2015-10-31 08:39 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-11-11 15:38 - 2015-10-31 08:36 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-11-11 15:38 - 2015-10-31 08:32 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-11-11 15:38 - 2015-10-31 08:31 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-11-11 15:38 - 2015-10-31 08:22 - 14457856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-11-11 15:38 - 2015-10-31 08:17 - 02487808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-11-11 15:38 - 2015-10-31 08:16 - 04527616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-11-11 15:38 - 2015-10-31 08:14 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-11-11 15:38 - 2015-10-31 08:10 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-11-11 15:38 - 2015-10-31 08:09 - 12854272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-11-11 15:38 - 2015-10-31 08:04 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-11-11 15:38 - 2015-10-31 07:53 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-11-11 15:38 - 2015-10-31 07:51 - 02011136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-11-11 15:38 - 2015-10-31 07:48 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-11-11 15:38 - 2015-10-31 07:46 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-11-11 15:31 - 2015-10-18 00:19 - 04176384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-11-11 15:31 - 2015-09-08 02:22 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2015-11-11 15:31 - 2015-09-08 01:54 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2015-11-11 15:31 - 2015-09-08 01:30 - 01091584 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-11-11 15:31 - 2015-03-20 13:49 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2015-11-11 15:31 - 2015-01-29 11:04 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2015-11-11 15:21 - 2015-10-15 09:02 - 07455064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-11-11 15:21 - 2015-10-15 09:02 - 01659560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-11-11 15:21 - 2015-10-15 09:02 - 01519592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-11-11 15:21 - 2015-10-15 09:02 - 01487008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-11-11 15:21 - 2015-10-15 09:02 - 01355848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-11-11 14:11 - 2015-10-14 01:59 - 00397224 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2015-11-11 14:11 - 2015-10-14 01:59 - 00340872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2015-11-11 14:11 - 2015-10-14 01:59 - 00137960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
2015-11-11 14:11 - 2015-10-14 01:59 - 00120376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll
2015-11-11 14:11 - 2015-10-14 01:59 - 00106952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2015-11-11 14:11 - 2015-10-14 01:59 - 00091416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2015-11-11 14:11 - 2015-10-11 16:36 - 00561952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-11-11 14:11 - 2015-10-11 16:36 - 00177496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-11-11 14:11 - 2015-10-11 04:40 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-11-11 14:11 - 2015-10-11 04:39 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-11-11 14:11 - 2015-10-11 04:07 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2015-11-11 14:11 - 2015-10-11 03:33 - 01441280 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-11-11 14:11 - 2015-10-11 03:27 - 00432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-11-11 14:11 - 2015-10-11 03:11 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2015-11-11 14:11 - 2015-10-11 02:45 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-11-11 14:10 - 2015-09-29 22:24 - 00155480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2015-11-11 14:09 - 2015-08-21 06:45 - 01380048 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-11-11 14:09 - 2015-08-21 03:48 - 01096704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-11-11 14:07 - 2015-10-14 03:10 - 00559616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-11 14:07 - 2015-10-14 03:10 - 00108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-11 14:07 - 2015-09-05 05:24 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tunnel.sys
2015-11-11 14:07 - 2015-08-29 08:20 - 00183368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2015-11-11 14:01 - 2015-10-16 02:08 - 00990208 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-11-11 14:01 - 2015-10-16 01:46 - 00803328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-11-11 14:00 - 2015-09-12 23:47 - 00414559 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-11-11 13:39 - 2015-10-09 02:08 - 01083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2015-11-11 13:39 - 2015-08-11 04:15 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2015-11-11 13:39 - 2015-08-11 04:06 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2015-11-11 13:39 - 2015-08-11 03:49 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2015-11-11 13:39 - 2015-08-11 02:56 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2015-11-11 13:39 - 2015-08-11 02:46 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2015-11-10 10:36 - 2015-11-10 10:36 - 00002412 _____ C:\Users\User\Desktop\Safe Money.lnk
2015-11-10 10:36 - 2015-11-10 10:36 - 00002150 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2015-11-10 10:36 - 2015-11-10 10:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2015-11-10 10:35 - 2015-12-02 12:18 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-11-10 10:35 - 2015-11-10 10:35 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2015-11-10 10:35 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll
2015-11-10 10:34 - 2015-11-10 11:20 - 00925064 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2015-11-10 10:34 - 2015-11-10 11:20 - 00181640 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys
2015-11-10 10:24 - 2015-11-10 10:27 - 177804504 _____ (Kaspersky Lab) C:\Users\User\Downloads\kis16.0.0.614en-au.exe
2015-11-10 10:13 - 2015-12-02 12:18 - 00000000 ___DO C:\Users\User\OneDrive
2015-11-09 19:52 - 2015-11-09 19:52 - 00000000 ____D C:\Users\User\AppData\Roaming\Five-BN Games
2015-11-08 11:44 - 2015-11-08 11:44 - 00000000 ____D C:\Users\User\AppData\Local\CEF
2015-11-07 18:03 - 2015-11-07 18:03 - 00000000 ____D C:\Users\User\AppData\Roaming\ERS Game Studios
2015-11-07 12:02 - 2015-12-02 12:22 - 00000000 ____D C:\AdwCleaner
2015-11-07 12:01 - 2015-11-07 12:01 - 01713664 _____ C:\Users\User\Downloads\adwcleaner_5.018.exe
2015-11-07 00:21 - 2015-11-29 14:48 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-11-06 22:05 - 2015-11-06 22:05 - 00000000 ____D C:\Users\User\AppData\Local\fantasy_mosaics_9
2015-11-06 16:31 - 2015-11-06 16:31 - 00000000 ____D C:\Users\User\AppData\Local\GWX
2015-11-05 00:48 - 2015-11-07 01:01 - 00002141 _____ C:\Users\Public\Desktop\Smart Switch.lnk
2015-11-05 00:25 - 2015-11-05 00:48 - 00000000 ____D C:\Users\User\AppData\Roaming\Samsung
2015-11-05 00:25 - 2015-11-05 00:25 - 00000000 ____D C:\Users\User\AppData\Local\Samsung
2015-11-05 00:25 - 2015-11-05 00:25 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log
2015-11-05 00:24 - 2015-11-05 00:49 - 00000000 ____D C:\Users\User\Documents\samsung
2015-11-05 00:24 - 2015-11-05 00:38 - 00002020 _____ C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2015-11-05 00:24 - 2015-11-05 00:38 - 00002010 _____ C:\Users\Public\Desktop\Samsung Kies.lnk
2015-11-05 00:18 - 2015-05-21 16:02 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2015-11-05 00:18 - 2015-05-21 16:02 - 00110720 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys
2015-11-05 00:17 - 2013-12-30 10:53 - 04659712 _____ (Dmitry Streblechenko) C:\WINDOWS\SysWOW64\Redemption.dll
2015-11-05 00:17 - 2013-12-30 10:53 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\WINDOWS\SysWOW64\secman.dll
2015-11-05 00:16 - 2015-11-05 00:48 - 00000000 ____D C:\Program Files (x86)\Samsung
2015-11-05 00:16 - 2015-11-05 00:23 - 00000000 ____D C:\ProgramData\Samsung
2015-11-05 00:09 - 2015-11-05 00:09 - 00000000 ____D C:\Users\User\AppData\Local\Downloaded Installations
2015-11-05 00:08 - 2015-11-05 00:09 - 78749536 _____ (Samsung Electronics Co., Ltd.) C:\Users\User\Downloads\KiesSetup.exe
2015-11-04 23:23 - 2015-11-04 23:23 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-11-03 23:43 - 2015-11-04 21:14 - 00000000 ___SD C:\WINDOWS\system32\GWX
2015-11-03 23:43 - 2015-11-03 23:43 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2015-11-03 23:43 - 2015-11-03 23:43 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-11-03 21:38 - 2015-11-03 22:34 - 00000000 ____D C:\Users\User\AppData\Roaming\Jewel Match Twilight
2015-11-03 20:04 - 2015-07-31 00:04 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-11-03 20:04 - 2015-07-30 23:48 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-11-03 19:51 - 2014-04-16 09:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2015-11-03 19:51 - 2014-04-16 09:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2015-11-02 15:36 - 2015-11-02 15:36 - 00000000 ____D C:\Users\User\AppData\Roaming\Hot Lava Games
2015-11-02 15:36 - 2015-11-02 15:36 - 00000000 ____D C:\Users\User\AppData\Roaming\Game Forest
2015-11-02 15:06 - 2015-11-02 15:36 - 00000000 ____D C:\Program Files (x86)\Gummy Drop!
2015-11-02 15:06 - 2015-11-02 15:06 - 00001938 _____ C:\Users\Public\Desktop\Play Gummy Drop!.lnk
2015-11-02 15:06 - 2015-11-02 15:06 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gummy Drop!
2015-11-02 15:06 - 2015-11-02 15:06 - 00000000 ____D C:\Users\User\AppData\Roaming\Anuman
2015-11-02 15:06 - 2015-11-02 15:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gummy Drop!
2015-11-02 15:02 - 2015-11-02 15:02 - 00000973 _____ C:\Users\Public\Desktop\Games.lnk
2015-11-02 15:01 - 2015-11-02 15:06 - 00000000 ____D C:\ProgramData\Big Fish
2015-11-02 15:01 - 2015-11-02 15:01 - 00001941 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Manager.lnk
2015-11-02 15:01 - 2015-11-02 15:01 - 00001248 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\More Great Games.lnk
2015-11-02 15:01 - 2015-11-02 15:01 - 00000000 ____D C:\Program Files (x86)\bfgclient
2015-11-02 15:00 - 2015-11-13 23:16 - 00000000 ____D C:\BigFishCache
2015-11-02 15:00 - 2015-11-02 15:36 - 00000000 ____D C:\Users\User\AppData\Local\Big Fish
2015-11-02 14:17 - 2015-11-02 14:18 - 00000000 ____D C:\Users\User\AppData\Roaming\Apple Computer
2015-11-02 14:17 - 2015-11-02 14:17 - 00001767 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-11-02 14:17 - 2015-11-02 14:17 - 00000000 ____D C:\Users\User\AppData\Local\Apple Computer
2015-11-02 14:17 - 2015-11-02 14:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-11-02 14:16 - 2015-11-02 14:17 - 00000000 ____D C:\Program Files\iTunes
2015-11-02 14:16 - 2015-11-02 14:16 - 00000000 ____D C:\ProgramData\Apple Computer
2015-11-02 14:16 - 2015-11-02 14:16 - 00000000 ____D C:\Program Files\iPod
2015-11-02 14:16 - 2015-11-02 14:16 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-11-02 14:14 - 2015-11-02 14:14 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-11-02 14:14 - 2015-11-02 14:14 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2015-11-02 14:14 - 2015-11-02 14:14 - 00000000 ____D C:\Users\User\AppData\Local\Apple
2015-11-02 14:14 - 2015-11-02 14:14 - 00000000 ____D C:\Program Files\Bonjour
2015-11-02 14:14 - 2015-11-02 14:14 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-11-02 14:14 - 2015-11-02 14:14 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-11-02 14:13 - 2015-11-02 14:16 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-11-02 14:13 - 2015-11-02 14:14 - 00000000 ____D C:\ProgramData\Apple
2015-11-02 14:08 - 2015-11-02 14:11 - 167839512 _____ (Apple Inc.) C:\Users\User\Downloads\iTunes6464Setup.exe
2015-11-02 11:43 - 2015-11-29 14:49 - 00003886 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-11-02 11:24 - 2015-12-02 06:53 - 00003930 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C87F0C6B-BFA6-4603-BC36-1FF5CF9BEDC3}
2015-11-02 11:21 - 2015-12-01 17:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Playthru Player
2015-11-02 11:21 - 2015-11-02 11:21 - 00000000 ____D C:\Program Files (x86)\PlaythruPlayer
2015-11-02 11:20 - 2015-11-02 11:41 - 00002936 _____ C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini
2015-11-02 11:20 - 2015-11-02 11:41 - 00002936 _____ C:\WINDOWS\system32\LavasoftTcpServiceOff.ini
2015-11-02 11:20 - 2015-11-02 11:20 - 00425744 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService64.dll
2015-11-02 11:20 - 2015-11-02 11:20 - 00345360 _____ (Lavasoft Limited) C:\WINDOWS\SysWOW64\LavasoftTcpService.dll
2015-11-02 11:18 - 2015-11-02 11:18 - 01136168 _____ (Download Assistant) C:\Users\User\Downloads\firefox_setup.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-02 12:23 - 2014-03-20 14:57 - 00003268 _____ C:\WINDOWS\System32\Tasks\AsusVibeSchedule
2015-12-02 12:23 - 2014-03-20 14:51 - 00003384 _____ C:\WINDOWS\System32\Tasks\Update Checker
2015-12-02 12:22 - 2014-03-20 14:52 - 00003028 _____ C:\WINDOWS\System32\Tasks\ASUS USB Charger Plus
2015-12-02 12:22 - 2014-03-20 14:52 - 00003004 _____ C:\WINDOWS\System32\Tasks\ASUS Splendid ColorU
2015-12-02 12:22 - 2014-03-20 14:52 - 00002988 _____ C:\WINDOWS\System32\Tasks\ASUS Splendid ACMON
2015-12-02 12:22 - 2014-03-20 14:51 - 00003056 _____ C:\WINDOWS\System32\Tasks\ASUS P4G
2015-12-02 12:22 - 2014-03-20 14:51 - 00002956 _____ C:\WINDOWS\System32\Tasks\ASUS InstantOn Config
2015-12-02 12:22 - 2014-03-20 14:44 - 00003540 _____ C:\WINDOWS\System32\Tasks\ASUS Smart Gesture Launcher
2015-12-02 12:19 - 2015-11-01 06:31 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-12-02 12:17 - 2013-08-23 00:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-02 12:17 - 2013-08-22 23:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-12-01 23:20 - 2014-03-20 14:55 - 00000000 ____D C:\ProgramData\Temp
2015-12-01 19:57 - 2013-08-22 23:36 - 00000000 ____D C:\Windows
2015-12-01 19:29 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-01 19:27 - 2013-08-23 01:36 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-01 18:17 - 2015-10-24 01:45 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4280450626-1930446922-540388392-1001
2015-12-01 17:54 - 2013-08-23 00:44 - 00337840 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-01 17:13 - 2013-05-01 19:39 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-12-01 17:11 - 2013-05-01 19:39 - 00000000 ____D C:\Program Files (x86)\WildGames
2015-12-01 00:04 - 2015-11-01 12:55 - 00000000 ____D C:\Users\User\AppData\Roaming\uTorrent
2015-11-30 19:31 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\Inf
2015-11-30 19:13 - 2013-08-22 23:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2015-11-29 21:52 - 2015-10-29 11:59 - 00000000 ____D C:\Users\User\AppData\Local\ElevatedDiagnostics
2015-11-29 14:55 - 2015-11-01 05:45 - 00000000 ____D C:\Users\User\AppData\Local\Adobe
2015-11-29 14:48 - 2013-05-01 19:34 - 00000000 ____D C:\ProgramData\Adobe
2015-11-24 21:22 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\rescache
2015-11-23 23:40 - 2014-11-21 18:44 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-22 23:12 - 2015-10-30 12:55 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-22 21:38 - 2015-10-30 12:55 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-11-16 13:13 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2015-11-13 00:31 - 2013-08-23 01:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-11-13 00:31 - 2012-07-26 17:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-11-12 19:26 - 2015-11-01 12:07 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2015-11-12 19:26 - 2015-11-01 12:07 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2015-11-11 12:19 - 2015-11-01 06:31 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-11-10 11:26 - 2013-05-01 19:37 - 00000000 ____D C:\ProgramData\McAfee
2015-11-10 11:20 - 2015-06-26 23:58 - 00087944 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klwfp.sys
2015-11-10 11:20 - 2015-06-08 19:43 - 00041352 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klpd.sys
2015-11-10 10:39 - 2015-07-04 02:18 - 00227512 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klhk.sys
2015-11-10 10:35 - 2012-07-26 18:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-11-10 10:32 - 2015-11-01 12:00 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2015-11-10 10:31 - 2012-07-26 15:37 - 00000000 ____D C:\Users\Default.migrated
2015-11-10 10:12 - 2015-11-01 05:52 - 00000000 ___RD C:\Users\User\OneDrive.old
2015-11-07 11:59 - 2013-05-01 19:39 - 00000000 ____D C:\ProgramData\WildTangent
2015-11-07 11:42 - 2015-11-01 05:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-07 00:18 - 2015-11-01 05:27 - 00001173 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-11-07 00:18 - 2015-11-01 05:27 - 00001161 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-11-07 00:18 - 2015-11-01 05:27 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-05 22:09 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\AppCompat
2015-11-05 00:48 - 2015-11-01 06:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-11-05 00:48 - 2014-03-20 14:31 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-11-04 21:25 - 2015-10-24 00:33 - 00000000 ____D C:\Users\User\AppData\Local\Packages
2015-11-03 23:43 - 2014-11-22 01:56 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2015-11-03 21:38 - 2015-10-24 00:33 - 00000000 ____D C:\Users\User\AppData\Local\VirtualStore
2015-11-03 10:23 - 2014-11-22 02:03 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-11-03 10:23 - 2014-11-22 02:03 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-02 11:40 - 2015-10-31 04:34 - 00000000 ____D C:\WINDOWS\system32\AutoUpdateLicense
2015-11-02 11:32 - 2015-11-01 09:32 - 00000000 ___DC C:\WINDOWS\Panther

==================== Files in the root of some directories =======

2015-11-01 08:37 - 2015-11-01 08:37 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-05-01 19:34 - 2012-09-07 21:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2013-05-01 19:34 - 2009-07-22 20:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2013-05-01 19:34 - 2012-09-07 21:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-29 16:04

==================== End of FRST.txt ============================

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 8.1 x64
Ran by User (Administrator) on Wed 02/12/2015 at 12:25:14.83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 3

Successfully deleted: C:\ProgramData\alawarentertainment (Folder)
Successfully deleted: C:\Users\User\AppData\Roaming\alawarentertainment (Folder)
Successfully deleted: C:\Users\User\AppData\Roaming\sp_data.sys (File)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 02/12/2015 at 12:27:22.45
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP

Don't see the fixlog or the addition.txt file but the FRST log looks clean so I suppose the fix ran OK.  Is the malware still bothering you?


  • 0

#5
debbiemack

debbiemack

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts

Please find additional txt file and fix log.  Thanks

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:30-11-2015
Ran by User (2015-12-02 12:30:45)
Running from C:\Users\User\Downloads
Windows 8.1 (X64) (2015-11-01 01:37:03)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4280450626-1930446922-540388392-500 - Administrator - Disabled)
Guest (S-1-5-21-4280450626-1930446922-540388392-501 - Limited - Disabled)
User (S-1-5-21-4280450626-1930446922-540388392-1001 - Administrator - Enabled) => C:\Users\User

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Internet Security (Enabled - Up to date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
AS: Kaspersky Internet Security (Enabled - Up to date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {8C27F4BD-7F99-4CD1-5651-D3EB97674300}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-4280450626-1930446922-540388392-1001\...\uTorrent) (Version: 3.4.5.41202 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20069 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.7 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.6 - ASUS)
ASUS Screen Saver (HKLM-x32\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.2 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.8 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0021 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.5 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5710.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.5710.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.311 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0031 - ASUS)
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Gummy Drop! (HKLM-x32\...\BFG-Gummy Drop!) (Version:  - )
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 16.0.0.614 - Kaspersky Lab) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4280450626-1930446922-540388392-1001\...\OneDriveSetup.exe) (Version: 17.3.6201.1019 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0 - Mozilla)
MyBitCast 2.0 (HKLM-x32\...\MyBitCast) (Version: 2.0 - ASUS)
Playthru Player (HKLM-x32\...\{83245CDF-A15E-49E9-BE6D-AC32E96FCE78}) (Version: 1.5.0.12 - Playthru Player)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.14.327.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6976 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C9661090-C134-46E8-90B2-76D72355C2A6}) (Version: 6.2.9200.27038 - Realtek Semiconductor Corp.)
Samsung Drive Manager (HKLM-x32\...\{9F1A6A24-4901-42F6-A355-5DD2B82E62AE}) (Version: 1.0.174 - Clarus, Inc.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.15075.2 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.15075.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.0.15104.7 - Samsung Electronics Co., Ltd.)
Smart Switch (x32 Version: 4.0.15104.7 - Samsung Electronics Co., Ltd.) Hidden
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.21.10.4584 - Enigma Software Group, LLC)
Windows Driver Package - ASUS (ATP) Mouse  (11/20/2013 1.0.0.194) (HKLM\...\8BA9C239ED04E09F06755E1497239BEFC08085C2) (Version: 11/20/2013 1.0.0.194 - ASUS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
影像中心 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
照片库 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4280450626-1930446922-540388392-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-4280450626-1930446922-540388392-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\User\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileCoAuth.exe (Microsoft Corporation)

==================== Restore Points =========================

15-11-2015 18:46:29 Windows Update
19-11-2015 19:38:01 Installed DirectX
22-11-2015 21:37:26 Windows Update
29-11-2015 15:05:34 Installed Extended Asian Language font pack for Adobe Acrobat Reader DC.
01-12-2015 17:00:48 Removed Extended Asian Language font pack for Adobe Acrobat Reader DC.
02-12-2015 12:25:18 JRT Pre-Junkware Removal

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 23:25 - 2013-08-22 23:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {002E7D41-B68C-4693-A484-0E0FB9DFAF0B} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2013-10-08] (ASUS)
Task: {0D72216C-4645-4D3D-B3CC-0CF4022BFCE4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-11] (Adobe Systems Incorporated)
Task: {122C36EE-41A1-48C6-9405-892483F468C9} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-12-13] (AsusTek)
Task: {1E78E299-C52B-4CC5-8C8D-E6F390171704} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-11-22] (Microsoft Corporation)
Task: {28D774F3-A9CB-42BC-A2FF-E393E8E2A4CF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-29] (Adobe Systems Incorporated)
Task: {4F6019BB-0114-4778-9B75-4BCB6827DDE1} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2013-08-30] (ASUS)
Task: {532A1D89-B534-483D-AED6-A6DA0FB848CD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {7F35D3E4-8FD8-4443-8AC7-F0B2EE7E1433} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-09-19] (ASUSTek Computer Inc.)
Task: {80B8EAF9-E815-4273-965F-38B008B16BC6} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-11-05] ()
Task: {92959BB2-6B0F-4426-A361-8A1289296E19} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-10-08] (ASUSTeK Computer Inc.)
Task: {A8271103-ECD9-4713-B53C-474AFF584EAA} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2013-11-28] ()
Task: {A98366C3-47A2-41DA-A2A1-B53916F3AD40} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-12-01] (Enigma Software Group USA, LLC.)
Task: {AE690392-5AC1-48E5-A8C0-423E21D5B473} - System32\Tasks\CLARUS_DRIVE_MANAGER\Clarus_Drive_Manager => C:\Program Files (x86)\Clarus\Samsung Drive Manager\Drive Manager.exe [2015-08-20] (Clarus, Inc.)
Task: {B220A2A9-AF72-436E-9B17-F07B2208E4B1} - System32\Tasks\ASUS InstantOn Config => C:\Program Files\ASUS\P4G\InsOnCfg.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-13 23:45 - 2015-10-13 23:45 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 23:45 - 2015-10-13 23:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-12-19 16:10 - 2012-12-19 16:10 - 00072192 _____ () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
2015-07-08 23:18 - 2015-07-08 23:18 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\kpcengine.2.3.dll
2014-03-20 14:37 - 2012-06-26 03:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:036B81D9
AlternateDataStreams: C:\ProgramData\Temp:201C0C98
AlternateDataStreams: C:\ProgramData\Temp:2187A2BB
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:2DC3B66B
AlternateDataStreams: C:\ProgramData\Temp:4EE323A4
AlternateDataStreams: C:\ProgramData\Temp:6378B6B8
AlternateDataStreams: C:\ProgramData\Temp:77E927FC
AlternateDataStreams: C:\ProgramData\Temp:7929462F
AlternateDataStreams: C:\ProgramData\Temp:81013054
AlternateDataStreams: C:\ProgramData\Temp:8E916279
AlternateDataStreams: C:\ProgramData\Temp:AB4B1687
AlternateDataStreams: C:\ProgramData\Temp:DA886912
AlternateDataStreams: C:\ProgramData\Temp:E153075C
AlternateDataStreams: C:\ProgramData\Temp:FE26780F

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-4280450626-1930446922-540388392-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-4280450626-1930446922-540388392-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4280450626-1930446922-540388392-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: ASUSPRP => "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
MSCONFIG\startupreg: ASUSWebStorage => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe /S
MSCONFIG\startupreg: DisableS3S4 => c:\windows\temp\DisableS3S464\sethigh.cmd
MSCONFIG\startupreg: HotKeysCmds => "C:\WINDOWS\system32\hkcmd.exe"
MSCONFIG\startupreg: IgfxTray => "C:\WINDOWS\system32\igfxtray.exe"
MSCONFIG\startupreg: mcpltui_exe => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
MSCONFIG\startupreg: RemoteControl10 => "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
MSCONFIG\startupreg: RtHDVBg => "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX4
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
HKLM\...\StartupApproved\StartupFolder: => "Samsung Drive Manager Real-Time.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
HKU\S-1-5-21-4280450626-1930446922-540388392-1001\...\StartupApproved\Run: => "Playthru Player"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{1B34EBA8-F5F5-4E01-B6E1-7E839325C1B4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3E631784-4EBA-4E74-8FF9-A7B47EE4EE17}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5046F40D-27A8-4FEB-8EE4-C98952CF2A88}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{A8523DE5-EF2B-40C5-9B69-AA0587DA8A38}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{037906A0-EA0B-4353-8B10-388C0254F270}] => (Allow) LPort=1900
FirewallRules: [{4C85DDCB-8F3B-459E-8894-079FA992ABC1}] => (Allow) LPort=2869
FirewallRules: [{0C2C45C0-6122-4D6E-B66D-D1A6A4ACD5DB}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{53BA3BCF-E7D7-4513-8F4B-A84FC9A7543C}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2FED08C3-335F-4088-BFDC-8DF471D7605F}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9AE41AEE-9288-4FC4-94BF-D81867BFEF82}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E662C276-4250-4631-BCE2-9EE018819C8F}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6C282600-D749-4C93-B60A-162202C963C0}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8709BF5C-36D3-41C5-B8F8-822459AB3326}] => (Allow) C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4A46C9ED-5091-4FA5-8D8A-022AAF51ED59}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EF647150-544C-4D3D-88F9-2908750131C2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{45E9BB99-6C74-4538-A6AD-3CAA2FD25A64}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{917CCD95-FDBE-44CB-81AB-CCC1A7840DEA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{724A5C12-50AF-4284-A5F2-3653FCDD7997}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{EDCB5969-C492-4F93-9D35-97F5A0A753E2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D8FAFA43-0891-4EEE-867D-69B74CFD1225}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/02/2015 00:19:17 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Spyhunter4.exe version 4.21.10.4585 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: e1c

Start Time: 01d12ca7b8545b4f

Termination Time: 0

Application Path: C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe

Report Id: 13bdba07-989b-11e5-beaf-40167e974bf5

Faulting package full name:

Faulting package-relative application ID:

Error: (12/02/2015 00:18:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GWXUX.exe, version: 6.3.9600.18064, time stamp: 0x56042d8f
Faulting module name: ntdll.dll, version: 6.3.9600.18007, time stamp: 0x55c4c16b
Exception code: 0xc0000005
Fault offset: 0x000000000003d86e
Faulting process id: 0x1264
Faulting application start time: 0xGWXUX.exe0
Faulting application path: GWXUX.exe1
Faulting module path: GWXUX.exe2
Report Id: GWXUX.exe3
Faulting package full name: GWXUX.exe4
Faulting package-relative application ID: GWXUX.exe5

Error: (12/02/2015 00:16:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GWXUX.exe, version: 6.3.9600.18064, time stamp: 0x56042d8f
Faulting module name: ntdll.dll, version: 6.3.9600.18007, time stamp: 0x55c4c16b
Exception code: 0xc0000005
Fault offset: 0x000000000003d86e
Faulting process id: 0xe18
Faulting application start time: 0xGWXUX.exe0
Faulting application path: GWXUX.exe1
Faulting module path: GWXUX.exe2
Report Id: GWXUX.exe3
Faulting package full name: GWXUX.exe4
Faulting package-relative application ID: GWXUX.exe5

Error: (12/02/2015 00:08:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Spyhunter4.exe version 4.21.10.4585 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: d78

Start Time: 01d12ca6152fa795

Termination Time: 15

Application Path: C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe

Report Id: 8dd9c26f-9899-11e5-beae-40167e974bf5

Faulting package full name:

Faulting package-relative application ID:

Error: (12/02/2015 06:53:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GWXUX.exe, version: 6.3.9600.18064, time stamp: 0x56042d8f
Faulting module name: ntdll.dll, version: 6.3.9600.18007, time stamp: 0x55c4c16b
Exception code: 0xc0000005
Fault offset: 0x000000000003d86e
Faulting process id: 0x860
Faulting application start time: 0xGWXUX.exe0
Faulting application path: GWXUX.exe1
Faulting module path: GWXUX.exe2
Report Id: GWXUX.exe3
Faulting package full name: GWXUX.exe4
Faulting package-relative application ID: GWXUX.exe5

Error: (12/02/2015 06:47:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GWXUX.exe, version: 6.3.9600.18064, time stamp: 0x56042d8f
Faulting module name: ntdll.dll, version: 6.3.9600.18007, time stamp: 0x55c4c16b
Exception code: 0xc0000005
Fault offset: 0x000000000003d86e
Faulting process id: 0x13e8
Faulting application start time: 0xGWXUX.exe0
Faulting application path: GWXUX.exe1
Faulting module path: GWXUX.exe2
Report Id: GWXUX.exe3
Faulting package full name: GWXUX.exe4
Faulting package-relative application ID: GWXUX.exe5

Error: (12/01/2015 11:13:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: GWXUX.exe, version: 6.3.9600.18064, time stamp: 0x56042d8f
Faulting module name: ntdll.dll, version: 6.3.9600.18007, time stamp: 0x55c4c16b
Exception code: 0xc0000005
Fault offset: 0x000000000003d86e
Faulting process id: 0x3f8
Faulting application start time: 0xGWXUX.exe0
Faulting application path: GWXUX.exe1
Faulting module path: GWXUX.exe2
Report Id: GWXUX.exe3
Faulting package full name: GWXUX.exe4
Faulting package-relative application ID: GWXUX.exe5

Error: (12/01/2015 09:27:45 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DEFAULT-PC)
Description: Activation of app Microsoft.SkypeApp_kzf8qxf38zg5c!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/01/2015 09:27:45 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 86c

Start Time: 01d12c2b45f0c13c

Termination Time: 4294967295

Application Path: C:\WINDOWS\syswow64\wwahost.exe

Report Id: 88c53577-981e-11e5-beab-40167e974bf5

Faulting package full name: Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c

Faulting package-relative application ID: App

Error: (12/01/2015 09:27:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: DEFAULT-PC)
Description: App Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c+App did not launch within its allotted time.


System errors:
=============
Error: (12/02/2015 00:16:46 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (12/02/2015 00:16:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Integrated Clock Controller Service - Intel® ICCS service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/02/2015 00:16:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Management and Security Application User Notification Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/02/2015 00:16:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Dynamic Application Loader Host Interface Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/02/2015 00:16:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® ME Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/02/2015 00:16:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel® Capability Licensing Service Interface service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (12/02/2015 00:16:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Asus WebStorage Windows Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/02/2015 00:16:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ASUS InstantOn Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/02/2015 00:16:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (12/02/2015 00:16:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Samsung Drive Manager Service service terminated unexpectedly.  It has done this 1 time(s).


==================== Memory info ===========================

Processor: Intel® Pentium® CPU 2117U @ 1.80GHz
Percentage of memory in use: 39%
Total physical RAM: 3981.73 MB
Available physical RAM: 2402.95 MB
Total Virtual: 4685.73 MB
Available Virtual: 3013.25 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:185.87 GB) (Free:141.7 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Data) (Fixed) (Total:258.34 GB) (Free:258.22 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 0FE4DC0A)

Partition: GPT.

==================== End of Addition.txt ============================

 

Fix result of Farbar Recovery Scan Tool (x64) Version:30-11-2015
Ran by User (2015-12-02 12:04:52) Run:1
Running from C:\Users\User\Downloads
Loaded Profiles: User (Available Profiles: User)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKU\S-1-5-21-4280450626-1930446922-540388392-1001\...\Run: [Playthru Player] => C:\Program Files (x86)\PlaythruPlayer\PlaythruPlayer.exe [412080 2015-08-05] (Playthru Player)
SearchScopes: HKU\S-1-5-21-4280450626-1930446922-540388392-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4280450626-1930446922-540388392-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\30hyqpg7.default\searchplugins\facebook-search.xml [2015-11-07]
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\30hyqpg7.default\searchplugins\McSiteAdvisor.xml [2015-11-10]
R2 PrivoxyService; C:\Program Files (x86)\IT Viewer\privoxy.exe [371200 2015-11-29] (The Privoxy team - www.privoxy.org) [File not signed] <==== ATTENTION
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [82072 2015-08-11] (McAfee, Inc.)
Task: {4AE1ADDE-FEDD-4906-83DD-2C1A39A8770F} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86) [2015-12-01] ()
Task: {62B1BB49-8D09-4731-9552-CC555E955E39} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86) [2015-12-01] ()
Task: {9C574831-25EE-4194-8657-CFF3D4288D13} - \Better Updater -> No File <==== ATTENTION
C:\Program Files (x86)\IT Viewer
EmptyTemp:





*****************

HKU\S-1-5-21-4280450626-1930446922-540388392-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Playthru Player => value removed successfully
HKU\S-1-5-21-4280450626-1930446922-540388392-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-4280450626-1930446922-540388392-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\30hyqpg7.default\searchplugins\facebook-search.xml => moved successfully
C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\30hyqpg7.default\searchplugins\McSiteAdvisor.xml => moved successfully
PrivoxyService => Unable to stop service.
PrivoxyService => service removed successfully
mfeelamk => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4AE1ADDE-FEDD-4906-83DD-2C1A39A8770F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4AE1ADDE-FEDD-4906-83DD-2C1A39A8770F}" => key removed successfully
C:\WINDOWS\System32\Tasks\ASUS Live Update1 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS Live Update1" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{62B1BB49-8D09-4731-9552-CC555E955E39}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{62B1BB49-8D09-4731-9552-CC555E955E39}" => key removed successfully
C:\WINDOWS\System32\Tasks\ASUS Live Update2 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS Live Update2" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9C574831-25EE-4194-8657-CFF3D4288D13}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C574831-25EE-4194-8657-CFF3D4288D13}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Better Updater" => key removed successfully

"C:\Program Files (x86)\IT Viewer" folder move:

Could not move "C:\Program Files (x86)\IT Viewer" => Scheduled to move on reboot.

EmptyTemp: => 6.1 GB temporary data Removed.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-12-02 12:06:41)

C:\Program Files (x86)\IT Viewer => Is moved successfully

==== End of Fixlog 12:06:41 ====


  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP

So are you seeing  any sign of malware now?


  • 0

#7
debbiemack

debbiemack

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts

Process seems to have fixed the problem!  Thanks very much


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP